While running the server, I am unable to view the layers in GeoServer. I checked the Enabled checkbox, and still I am unable to view the map.
If I login once again into GeoServer, the Enabled checkbox is unchecked.
The below error which I got in logs after starting the Apache Tomcat Server:
Caused by: java.lang.RuntimeException: Unable to obtain connection: Cannot create PoolableConnectionFactory (FATAL: password authentication failed for user "postgres")
Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create PoolableConnectionFactory (FATAL: password authentication failed for user "postgres")
Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "postgres"
ERROR [geotools.jdbc] - There's code using JDBC based datastore and not disposing them. This may lead to temporary loss of database connections. Please make sure all data access code calls DataStore.dispose() before freeing all references to it.
The one thing that can cause this suddenly is password expiration in PostgreSQL, though this is not typical. Most likely the password changed on one of the sides, so check that first.
PostgreSQL allows you to specify that a password expires at a specific timestamp. So you can:
ALTER USER foo WITH PASSWORD 'bar' VALID UNTIL 'tomorrow';
And foo will be able to log in with the password 'bar' until the next day at system time....
So if you can verify that the password did not change on both sides, try this:
ALTER USER foo WITH VALID UNTIL 'infinity';
Of course substitute your real user for foo. This will clear any expiration, or rather move the expiration time indefinitely into the future.
I think this is likely to be that the postgres user is configured to only accept logins from the local machine. You will need to configure it to accept logins from the machine name or ip address you are logining in from or even better create a new user that has only the required permissions to login rather than using the deffault admin postgres user. Even if you are on the same machine using eclipse may be making it look as though you are coming from a different machine depending on your configuration.
Please see here and here about configuring this type of access
Related
I have a fresh install of a database on AWS. I have installed PG Admin 4 for Web and set up for a user login. This works.
I find it is not possible to connect to the localhost database using 'postgres' as a user, without a password. This appears to be enforced by the dialog. Is there a way around this enforcement? How would a user only having web access ALTER this ROLE? I would expect this to be relaxed for the initial login.
The database is local to the webserver and the web server is remote for the user.
TL:DR This logon is not a peer logon as the postgres *nix user.
It's a gap in the install. A manual step will always be required to add a password for postgres for anyone wanting to use the interface for initial USER/ROLE creation. It would be nice to have had this opportunity in the setup script.
I suppose it is expected that most administrators would also add other users/roles at this time and these would be supplied to the users. Changes to config files would still be managed. They are not getting shell access.
I use pg_ident.conf (PostgreSQL 12, OS Windows Server 2019) file to map users for SSPI this way:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
MapForSSPI someone#COMPANY someone
Recently I had to add new user, which I did exactly the same way as usual. I have created role "newsomeone" via pgAdmin, added membership properly, and added user into pg_ident.conf as:
MapForSSPI newsomeone#COMPANY newsomeone
But when this user tried to connect:
FATAL: role "NewSomeone" does not exist
Please be aware of CASE. With further testing I realized the OS login is really set up as NewSomeone#COMPANY, but what I really do not understand is why is this login with capital letters not mapped to my lowercase login "newsomeone". When I've created new role "NewSomeone" via pgAdmin without any change to pg_ident.conf, the connection is successful.
How is it possible that with PG-USERNAME "newsomeone" specified in lowercase in pg_ident.conf it looks for role "NewSomeone" (as in OS login)?
pg_ident.conf is there to allow the system-authenticated user to login as a specific requested database user, when the spelling of the two doesn't match. It is not there to rewrite the requested database user into a different database user.
As long as your client is demanding to login as database user "NewSomeone", either it will succeed as that user, or it will fail as that user. It will not pick a different name to log in as.
You need to fix your client connection code (which you didn't show) so that it attempts to log in with the correct spelling.
I am working on a project, there I need to dump a database from windows and need to restore it on a centos server.
Whenever I do that, there is some error.
Like - error reading database: (Unauthorized) not authorized on mydatabase to execute command
or
error connecting to host: could not connect to server: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-1": (AuthenticationFailed) Authentication failed.
Both os have the same mongo version that is 4.2
How can I correct it?
The error not authorized on mydatabase to execute command indicates that either you have not authenticated, or the authenticated user has not been granted the appropriate permissions to execute that command.
Authentication failed means just that. The server side log may have more detail, like the user and database names used in the auth attempt.
To fix these, make sure:
you are providing authentication credentials
the user account you are using has already been created in the server
the user account has been granted permission for that command on the correct database/collection
The Security page in the docs might be a good place to start.
Could someone guide how to create following profile define rules in EDB Postgresql:
count failed login attempts
lock an account due to excessive failed login attempts
define rules for password complexity
define rules that limit password re-use
I assume you confuse Oracle profiles:
https://docs.oracle.com/cd/B19306_01/network.102/b14266/admusers.htm#i1007119
with PostgresEDB roles:
https://www.enterprisedb.com/docs/en/10/pg/user-manag.html
which have no profiles...
What you could check instead is postgresql role as is:
https://www.postgresql.org/docs/current/static/sql-createrole.html
CONNECTION LIMIT and VALID UNTIL are somewhat similar to Oracle profiles, but also they are very different - worth of reading
I have two databases set up as part of the same Postgresql 9.4 database cluster, and I'm trying to access a table in one of them from the other using a postgres_fdw. I have it all set up and working as a superuser, however when I try to access the foreign table as a normal user, I get the following error:
ERROR: password is required
DETAIL: Non-superuser cannot connect if the server does not request a password.
HINT: Target server's authentication method must be changed.
Now I understand that this is because I have the server set up with trust authentication for certain subnets, including Its own. However, in the 1 USER MAPPING I created, I did specify a password, with the hope that doing so would force it to use password authentication. No such luck apparently.
As such, my question is if there is any way around this somewhat onerous requirement? Is there a way to force this connection, or a specific user, or the like to use password authentication? Or some way to disable the requirement? Or is my only option to change the configuration to require passwords, and deal with whatever that breaks?
As Nick Barnes pointed out in a comment, pg_hba allows different authentication rules for specific users. As such, the solution to this issue was to simply create a user specifically for these FDW connections, and set that user in the pg_hba.conf to require a password. That way my trusted web apps on the trusted network can continue connecting as usual, but the FDW can get the password request it requires.
You can't force FDW to use a password: the server on the other end must request the password. the usual default for local socket connections is no password.
Try connecting via TCP instead of using local sockets: add host=localhost to the connection parameters, that will usually fix it.