I'm trying to get authentication working using kerberos in Windows instead of username and password when connecting to PostgreSQL. Very new to this area and would appreciate any thoughts. In essence what I want to achieve is not having the password in the app configuration. Maybe there are other options apart from using kerberos?
Will the following work?
configure Postgres for SSPI authentication
create a user in Postgres with the same user name as the SPN of the user in the AD
pre-create kerberos authentication tickets (somehow magically) for the created user
connect to postgres using psql with the above user without providing the password
If this is at all possible I'm interested in how to achieve that magical part above ^^^
Thanks.
I just installed PostgreSQL 13 on Windows 11. When I run the command psql by default it uses the user aaron, the name of my Windows user account. However, it asks me for a password. I have tried all passwords associated with my Windows account as well as the default password I set for the user postgres, none of which worked. I was able to log in with psql -U postgres, and I ran the command \du, and there was only one role in the list, postgres. Later I created the role aaron without specifying a password, but it still asks for a password.
So, did the user aaron exist initially or not? If not, then how was it the default user when I ran the psql command? What is the password for this user?
So, did the user aaron exist initially or not
No, it did not. The only user that is created when installing Postgres (or more precisely: when running initdb) is postgres.
If not, then how was it the default user when I ran the psql command
Quote from the manual
The default user name is your operating-system user name, as is the default database name
psql simply uses the operating system user as the default username to connect to the server. It knows nothing about the database user(s) until it tries to connect with a specific username and potentially password.
You can set a different default through the (Windows) environment variable PGUSER
Later I created the role aaron without specifying a password, but it still asks for a password.
Whether or not a password is required is controlled through pg_hba.conf
When you run psql command and don't provide a username it considers (that the current system user which in your case is aaron) is the user you want to use to login and hence you see a user which really don't exists.
Now regarding the password you might want to check a file generally named as pg_hba.conf which hold the essentials of who can connect (IPs) what username can he have and should that user be asked for password.
Now generally you will find answers saying that find this file and write down trust everywhere (which basically means if some specific user from a specific IP access this database of replication then don't ask for a password and let him enter), which you should not do until and unless you are utterly sure the postgresql server is just just local and has no real-time purpose.
So concluding you want to create a user with some encrypted password and then provide necessary privilege.
P.S: I have tried all these on a linux machine, but the server configurations are more or less same.
It's worth pointing out that PostgreSQL has it's own users and permissions independent of the OS. Some installers will automatically create a postgres OS user. I'm not sure what Windows does.
It seems that PostgreSQL can do Windows authentication. See this question for details on how to configure that.
As #a_horse_with_no_name has said, connection configuration is controlled by pg_hba.conf
PostgreSQL tries not to leak information about its users, so the failed-authentication attempt is not given much information about why it failed.
If you look in the server's log file, rather than the clients, you should first see messages about 'aaron' failing to authenticate because the user does not existing, and then (after you create it) about it failing to authenticate because it has no password assigned.
When you created the user, you should have assigned it a password if you wanted to use a password. Or as a superuser in psql, create it without a password and then assign one with \password aaron That way the password won't be visible on the screen, or in the log files.
To give a concise, direct answer:
right click on Windows icon and click “System”.
scroll down to “Advanced System Settings”.
click Environment Variables.
in “System variables”, click “New”.
Set Variable Name to PGUSER and Variable Value to postgres.
Or, in cmd: set PGUSER=postgres, which also sets it globally.
go to "Services" (in Task Manager), and restart the "postgresql-X64" service.
I'm new to PostgresSql (version 11), and want to connect to it (perform createdb.exe etc).
However, the Windows logged on user "me" is asked for a password, I used my windows password, my installer password and the password for a super user of the database but none of them work.
What can this be ?.
my installer password and the password for a super user of the database
Aren't those the same thing? How did the super user password get set, if not from the installer?
Did you try to login as the superuser's PostgreSQL account? psql -U postgres -h 127.0.0.1, for example. You can't use a super user's password to login as a different user, like "me" (not even if "me" is also a superuser).
I have a 32-bit DB2 ODBC DSN created with the user name and password saved. But when I try to connect to the DB I have to enter the user name and password again. Is there any way I can bypass the authentication? I have the user name and password saved in db2cli.ini file.
db2 CLP is not a cli application. You can't make it use these UID and PWD cli parameters.
I compiled Postgresql 9.5.3 and then installed it (Windows). I called initdb, then started the server. It created a user with name of the Windows user. It allows login without or with incorrect password. How to specify a password? ALTER USER test WITH PASSWORD 'x'; does not work.