I've found a number of sites that show how to reset a PostgreSQL password.
I can SSH into the machine, which is an OpenSuse 13.2 server, and I tried the commands that were given, and that never worked, I can't get into the psql in order to issue the SQL to change the password.
So, the pg_hba.conf has one line that looks like:
# TYPE DATABASE USER ADDRESS METHOD
host all postgres ident sameuser
Then I try to do a stop/start:
/etc/init.d/postgresql stop
/etc/init.d/postgresql start
and then I get this error:
Job for postgresql.service failed. See "systemctl status postgresql.service" and "journalctl -xn" for details.
So, the database won't even start.
BTW, I know I could do: /etc/init.d/postgresql restart
but I just wanted to know the database was really stopped before I restarted it.
I changed the pg_hba.conf file back to this:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all postgres trust
# IPv4 local connections:
host all postgres 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 ident
And now I CAN START postgres again finally, so now I am going to try to login:
psql -U postgres
gives me:
psql: FATAL: role "postgres" is not permitted to log in
By every web-site out there, this is supposed to work. So, remotely over SSH or even on that machine, I still can't login to postgres, and I still can't change my password.
I need to get in and do this remotely, of if I have to be at the machine, I can do that also.
Related
I just create a user and new database on my local machine.
sudo su - postgres -c "createuser gauthier"
sudo su - postgres -c "createdb local-ag-db"
Then:
$ sudo -u postgres psql
sudo -u postgres psql
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.
postgres=# grant all privileges on database "local-ag-db" to gauthier;
GRANT
I can access the database locally through a socket:
$ psql local-ag-db gauthier
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.
local-ag-db=> \conninfo
You are connected to database "local-ag-db" as user "gauthier" via socket in "/var/run/postgresql" at port "5432".
But I cannot access it through localhost:
$ psql -d local-ag-db -h localhost -U gauthier
Password for user gauthier:
psql: fe_sendauth: no password supplied
My guess is that while createuser accepted to create a user without a password, logging in through the host requires identification that this user cannot provide.
This is the default content of /etc/postgresql/11/main/pg_hba.conf:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
I have tried adding this at the end of that file, after reading the included documentation:
host local-ag-db gauthier samehost peer
but that did not work (after a restart sudo /etc/init.d/postgresql restart), it even broke my Unix socket access:
$ psql local-ag-db gauthier
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
I also tried this as last row of my config, with the same result:
host local-ag-db gauthier 127.0.0.1/32 peer
My questions:
how do I allow my local user to access the database through localhost?
how do I edit my conf file so that I don't break everything? (Unix socket method stops working when I add a rule)
On Debian.
You will need to add a line like:
host all all localhost trust
As you have no explicit rule currently it is dropping through to another catch all rule and prompting for authentication. Adrian's comment above is saying the same and likewise I don't suggest using trust outside of testing your connectivity - you really should assign a password and enforce it.
Adding entries to the pg_hba.conf needs care as the PostgreSQL will find the first match:
The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no “fall-through” or “backup”: if one record is chosen and the authentication fails, subsequent records are not considered. If no record matches, access is denied.
From https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
Regarding
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Looks like the restart may not have worked. Looks like no response rather than authentication failure.
Your server is not running. It never came back up when you tried to restart it, because you broke your hba. If you look in the log file, you should something like:
LOG: peer authentication is only supported on local sockets
FATAL: could not load pg_hba.conf
LOG: database system is shut down
Unbreak your pg_hba.conf and start the server again. Also, read your log files when you don't know what's going on. That is what they are there for.
You will need to choose a different method for authentication over localhost. ident is equivalent to peer, but it requires you to run the identd daemon on the server, and is not very secure for any addresses other than loopback ones.
I am having an issue where I forgot the password to the postgres shell when trying to login as postgres. I looked online and found several different things to do, but none of it worked. I have messed with the pg_hba.conf file but even with that change, it is not working. Here is what my pg_hba.conf file looks like.
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# CAUTION: Configuring the system for local "trust" authentication
# allows any local user to connect as any PostgreSQL user, including
# the database superuser. If you do not trust all your local users,
# use another authentication method.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
and then i ran the follwoing command:
brew services restart postgres
and I keep getting the following error:
omars-MacBook-Pro:postgres omarjandali$ psql -U postgres Password for user postgres: psql: error: could not connect to server: FATAL: password authentication failed for user "postgres"
Anyone know how to fix this issue.
It looks like your command psql -U postgres is attempting to make a socket connection, however you've only got trust authentication set up for TCP/IP connections on localhost.
Try psql -h localhost -U postgres.
Alternatively, add a line to pg_hba.conf setting up trust authentication for socket connections:
host all all trust
and restart PostgreSQL (though you don't actually need to restart it, pg_ctl -D /path/to/data-directory reload should work if you know the actual data directory path).
I'm completely unable to access anything in postgres as it's asking for a password for both the default postgres user as well as my mac username. I don't have a password for either, and in the case of postgres I don't even understand why there is a password as by defualt it shouldn't have one.
After running through many other answers on the subject:
If I run psql:
$ psql
Password for user <MY_USERNAME>:
psql: error: could not connect to server: FATAL: password authentication failed for user "<MY_USERNAME>"
If I run it with sudo:
$ sudo psql
Password for user root:
psql: error: could not connect to server: FATAL: password authentication failed for user "root"
If I run it with postgres user:
$ sudo -u postgres psql
Password for user postgres:
psql: error: could not connect to server: FATAL: password authentication failed for user "postgres"
Also in my pg_hba.conf all the methods are set to trust, have also tried changing to ident and md5.
On the advice of #jjanes I searched for other pg_hba.conf files and this is what I found:
/usr/local/var/postgres.old/pg_hba.conf
/usr/local/var/postgres/pg_hba.conf
/usr/local/var/postgresql#10/pg_hba.conf
/Library/PostgreSQL/12/data/pg_hba.conf
The last one is empty (and read only) and the other three all look like this:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
Anyone have any advice?
I had a similar issue on my Ubuntu 21.10.
I also tried resolving the problem by following the steps suggested above, but none worked.
At last, I resolved the problem by uninstalling postgres and removing every related files: https://askubuntu.com/questions/32730/how-to-remove-postgres-from-my-installation/32735#32735
Thereafter, I did a new installation of postgres using: https://levelup.gitconnected.com/installing-and-configuring-postgresql-on-ubuntu-20-04-e50122635927
Now, everything works fine.
Cheers.
I'm a french student and I have a little problem.
So I'm using Nagios with check_postgres plugin (here : https://exchange.nagios.org/directory/Plugins/Databases/PostgresQL/check_postgres/details)
So I'm using this plugin with command like this :
check_postgres.pl -u postgres -db bddprojet --action database_size -w $1000000 -c 10000000
It only works if I'm logged as postgres in ubuntu (su postgres), so no problem.
But when I want to add the plugin to Nagios, I have an error message:
ERROR: FATAL: Peer authentication failed for user "postgres"
I have exactly the same error message if I'm logged as 'root' on ubuntu when I use the command above.
I already check my pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
host all all 10.0.2.15/32 trust
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
local all postgres trust
# IPv6 local connections:
host all all ::1/128 md5
I really need help, thanks in advance. Sorry for my poor english
the line local all postgres trust makes sure that access to all databases by the postgresql user postgres are allowed without password. By default this is "peer" instead of "trust" which then only allows access with the postgresql ubuntu user. Did you restart the postgresql server after making this change ?
The postgresql server needs to be restarted after a pg_hba.conf change.
You'll have to move the line
local all postgres trust
up above the other local line and reload the server.
Lines in pg_hba.conf are processed top to bottom, and the first matching line is used.
The error message shows that you forgot to reload the server after editing the file.
I have installed PostgreSQL 9.3 on my Mac. I am trying to do this command:
$ sudo -u postgres psql template1
Password:
Password:
psql: FATAL: password authentication failed for user "postgres"
As you can see, it asks for a password, which I give it. And it fails. I try the password for the postgres user, and the computer password. It always says it fails.
I read that you can change the pg_hba.conf file to not ask for a password. It is below:
> # TYPE DATABASE USER ADDRESS METHOD
>
> # "local" is for Unix domain socket connections only
> local all all trust
> # IPv4 local connections:
> host all all 127.0.0.1/32 trust
> # IPv6 local connections:
> host all all ::1/128 trust
> # Allow replication connections from localhost, by a user with the
> # replication privilege.
> local replication postgres trust
> host replication postgres 127.0.0.1/32 trust
> host replication postgres ::1/128 trust
From my understanding this should not ask for a password. And yet it does.
Interesting note: it logs in fine in pgAdmin3. But not in terminal.
Update #1:
Tried to restart PostgreSQL after I change the pg_hba.conf file. This is the message I get.
$ pg_ctl -D postgres -l server.log restart
pg_ctl: PID file "postgres/postmaster.pid" does not exist
Is server running?
starting server anyway
pg_ctl: could not read file "postgres/postmaster.opts"
Turns out I had two versions of PostgreSQL installed on my system. 8.4 and 9.3. Whenever 8.4 was installed, all of the defaults were set to used it instead of 9.3. So even though 9.3 would never ask for permissions, or a password, 8.4 would.
Finally was able to kill the 8.4 version, which was running. And redirect traffic to 9.3. It works now!!!
I set 8.4's pg_hba.conf file to trust as well... just in case.