In setting up my postgresql installation, I determined that a user attempting to log in with a password, when not on its respective OS user, is failing authentication with the following message:
$ psql -d postgres confluence -W
psql: FATAL: Peer authentication failed for user "confluence"
Some quick Google searches told me to update my pg_hba.conf file. Since I'm in CentOS 6.5, running postgresql 9.3, the file was located at /var/lib/pgsql/data/pg_hba.conf.
The file originally contained:
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
The contents of the file are now:
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all confluence md5
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
(I suspect the md5 on all of them is a tad excessive since I'm theoretically only dealing with domain socket connections at this point, but I'd like to get all of my bases covered.)
I expected a restart of postgresql to do the trick, so i executed:
sudo /etc/init.d/postgresql-9.3 restart
Which reported successfully. Unfortunately there was no change to the behavior of the login attempts.
In a final effort to get a fresh load of the configuration file, I performed a full reboot, but nothing has changed.
Thoughts on what is missing here, anyone?
Edit:
In an attempt to verify that the file is being considered at all, i changed the method all all connections to 'trust', and with a service restart as above, I'm getting the following:
$ psql -d postgres confluence
psql: FATAL: Peer authentication failed for user "confluence"
If you are using Centos 6.5, and you have installed the RPMs provided by the Postgresql yum repo, then you will find the pg_hba.conf file is actually located in /var/lib/pgsql/9.3/data/, not /var/lib/pgsql/data/.
As you probably suspected by now, you have been modifying a file which is not read by the system at all.
The older postgresql RPMs used to place the postgresql data directory under /var/lib/pgsql/data, but at some point (9.0?) they moved it to a version-specific path, which makes it easier to run the pg_upgrade tool to migrate from one version to the next. Most likely, the directory you have been playing with is one left behind by one of these older versions.
Related
I've installed postgres 10 under Ubuntu, and trying to perform an import from the command line like:
psql -f dump.sql -U postgres -d dbname
The operation fails with the message:
psql: FATAL: Peer authentication failed for user "postgres"
I read I should edit the pg_hba.conf file. The problem starts here, because I don't have any pg_hba.conf file on my system. The only similar file I have found is /usr/share/postgresql/10/pg_hba.conf.sample but it doesn't contain any code, just comments.
So what I did was create a pg_hba.conf in this same directory with the contents:
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
I also put the same into pg_hba.conf.sample (although I don't think this file is used anyhow but anyways..)
Then, I restarted the server with:
sudo service postgresql restart
Nothing changed, I'm getting the same error.
Then, I tried all possible combinations in pg_hba.conf, from 'trust' to 'md5', 'localhost', 127.0.0.1, anything I could find on the internet. Even created new users and tried with those, also installed pgadmin to grant all access to all users to every database.... Restarted the OS, reinstalled postgres, tried everything again and again..
The problem still persist.
Anything else I could try? Is there a way to disable the authentication entirely?
It's meant to be a database for local testing purposes only, and I've been trying for three hours just to get it to work.
I'm trying to publish my asp.net core app onto a linux (Centos) machine. This is just a local virtual machine while I iron out the issues.
I've gone through all the steps I think are needed, but when I try to run the app, I get the error:
Unhandled Exception: System.AggregateException: One or more errors occurred. (28000: Ident authentication failed for user "postgres") ---> Npgsql.PostgresException: 28000: Ident authentication failed for user "postgres"
For the life of me I cant work out whats going on. As this is just a VM test environment, I have set up every password (my user, root, both postgres passwords) the same. So its unlikely I am mixing them up.
The connection string I'm using is:
"User ID=postgres;Password=password;Host=localhost;Port=5432;Database=cp1;Pooling=true;"
The contents of my pg_hba.conf files are:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
host all all 127.0.0.1/32 password
local all postgres peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
A few of the lines at the end where added by myself in desperation.
I'm running out of things to try. Can anyone suggest what might be causing this?
Thanks.
I managed to work this out. I had to remove the "ident" entries, not just add md5 entries.
As soon as I commented out the two ident entries, it started working.
I'm a french student and I have a little problem.
So I'm using Nagios with check_postgres plugin (here : https://exchange.nagios.org/directory/Plugins/Databases/PostgresQL/check_postgres/details)
So I'm using this plugin with command like this :
check_postgres.pl -u postgres -db bddprojet --action database_size -w $1000000 -c 10000000
It only works if I'm logged as postgres in ubuntu (su postgres), so no problem.
But when I want to add the plugin to Nagios, I have an error message:
ERROR: FATAL: Peer authentication failed for user "postgres"
I have exactly the same error message if I'm logged as 'root' on ubuntu when I use the command above.
I already check my pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
host all all 10.0.2.15/32 trust
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
local all postgres trust
# IPv6 local connections:
host all all ::1/128 md5
I really need help, thanks in advance. Sorry for my poor english
the line local all postgres trust makes sure that access to all databases by the postgresql user postgres are allowed without password. By default this is "peer" instead of "trust" which then only allows access with the postgresql ubuntu user. Did you restart the postgresql server after making this change ?
The postgresql server needs to be restarted after a pg_hba.conf change.
You'll have to move the line
local all postgres trust
up above the other local line and reload the server.
Lines in pg_hba.conf are processed top to bottom, and the first matching line is used.
The error message shows that you forgot to reload the server after editing the file.
I followed this tutorial.
I managed to set up everything and do exactly as it was mentioned in the tutorial.
But when I tried to connect to it using PGADMIN 4, i get connection time and out and I was never able to fix it.
then I found this link, which has the following command:
sudo -i -u postgres
psql
\conninfo
then I cans see the following message:
You are connected to database "postgres" as user "postgres" via socket in "/var/run/postgresql" at port "5432".
So I dont understand what is wrong now and when I type:
sudo nano ../../etc/postgresql/9.3/main/pg_hba.conf
to see the content of the file and I put my password, its not being accepted.
Then I restart everything by closing the window and open it again, then I can check out the file:
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
# IPv4 remote connections for the tutorial:
#host all all 127.0.0.1/32 md5
#host all all 35.196.55.208/32 md5
host all all all md5
The last 4 lines I've added to fix the problem, but nothing yet.
What am I doing wrong? I'm looking at many tutorials, and also several pages from Stack Overflow but still nothing!
You have not provided permission to connect remotely.
In the given tutorial, Connecting remotely section it is clearly mentioned that you need to provide your IP address in the pg_hba.conf file.
Replace [YOUR_IPV4_ADDRESS] with the address of your local computer.
Also, In the Instances page in the Google Cloud Platform Console, click the
instance to open its Overview page. Select the Authorization tab.
Under Authorized networks, click Add network and enter the IP address
of the client machine where your client is installed. Click Done, then
click Save at the bottom of your page to save your changes. Connect to
your instance, either with SSL or without SSL.
Provide your IP address in the pg_hba.conf file, Restart Postgres service and try again.
I'm trying to register new server in pgadmin3 with following settings:
Name: postgres
Host: localhost
Username: postgres
Password: <password which works for psql>
Service: empty or postgres
But it shows error:
FATAL: Ident authentification failed for user "postgres"
I've restarted postgresql service, but to no avail.
Contents of /var/lib/pgsql/data/pg_hba.conf:
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 ident
EDIT: Tools -> Server Configuration -> pg_hba.conf is greyed out.
It looks like PgAdmin-III is probably connecting over IPv6 by default, so it's using the ident line that matches the IPv6 address for localhost, ::1/128.
If you want to use password authentication, you probably want:
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
I'm not sure why you have the unix domain socket line set to trust, but that's probably OK if it's just a development machine, so leave it unchanged. It's really much safer to have it as ident (if you want the unix user to have to be the same as the Pg user) or md5 (for password auth on local unix sockets) though.
You'll need to edit pg_hba.conf directly in a text editor if PgAdmin-III doesn't have permissions to edit it. You could run PgAdmin-III as user postgres via sudo, but it's way safer (and probably easier) to just use nano or a similar command-line text editor to modify pg_hba.conf.
The password works for psql because psql will, unless told otherwise, connect over a unix domain socket, and you have that set to trust. You'll probably find you could give any password to psql and it'll still work, because it's never being asked to actually give the password, it's just being automatically trusted.
Yes this type of error is seen by every newbie user to pgadmin.
I have found this solution and it worked for me.
sudo -u postgres psql
This will ask for your system password and then you will get the postgres prompt.
and then in psql type below command to change the password.
\password
now enter the new password and re-enter it.
PostGreSQL Account Debugging Steps (Linux Specific):
Make sure you actually have it installed (not just the client, the server too).
Make sure it is running.
Make sure you know where this is - usually in /var/lib/pgsql/data - however this could be anywhere - /var/lib/pgsql/unrelated-instance. Check your postgres process to see which directory (-D argument) this is.
Modify the pg_hba.conf file in the directory from the last step. I have no idea why this step isn't in the postgres documentation.
The specific configuration has been covered in e.g. Jay and Craig Ringer's answer. Make sure to configure both IPV4 and IPV6.
Restart the server.
Test that your configuration worked. Repeat 5-7 until you can login successfully.
Important Don't stop! Now you should configure a more secure password option - postgres may be fine for doing quick local setup, but you want to be using a more secure, configurable authentication mechanism, like LDAP, Kerberos, or GSSAPI. Additionally, you want to make sure you have SSL turned on.