Skip site navigation (1) Skip section navigation (2)

Re: Postgres 9.1 client authentication for local, no password required?

From: Guillaume Lelarge <guillaume(at)lelarge(dot)info>
To: Wujek Srujek <wujek(dot)srujek(at)googlemail(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Postgres 9.1 client authentication for local, no password required?
Date: 2012-01-05 20:51:09
Message-ID: 1325796669.2290.2.camel@localhost.localdomain (view raw or flat)
Thread:
Lists: pgsql-admin
On Thu, 2012-01-05 at 20:56 +0100, Wujek Srujek wrote:
> Hi. I am using Postgres 9.1 on Ubuntu 11.10 64bit. I have a question about
> client authentication.
> After installing the server, and setting the postgres password to encrypted
> 'postgres', I made sure I can log in like that. Then, I edited the
> /etc/postgres/9.1/main/pg_hba.conf file to contain just this single like:
> 
> local   all             all                                     md5
> 
> According to these sources:
> http://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html
> http://www.postgresql.org/docs[...]uth-methods.html#AUTH-PASSWORD
> 
> this means (at least that's how I understand it):
> 1. local - it allows only connections using unix domain sockets
> 2. first all - access to all databases
> 3. second all - for every user
> 4. md5 - requires providing a password for a login
> 
> But now, I am trying to connect as a normal user:
> 
> psql -d postgres -U postgres
> 
> and it connects without ever asking for a password! (The password works
> fine when I force it with -W, so this part is ok.)
> 
> If I add a line for TCP/IP connections (with 'host' at the beginning) it
> does ask for the password, so it looks like the behavior I am experiencing
> has something to do with domain socket, but I am not sure.
> 
> The user that I installed Postgres with and tried logging in was the same,
> and it was in the admin group, so it had the sudoer privilage. I thought it
> had something to do with that, so I created another user, who wasn't a
> sudoer - and I had to give the password. But then, when I added the admin
> group to the user (which adds it to sudoers on my machine), I still had to
> specify the password (and sudo works fine), which would imply that it was a
> dead end.
> 

My guess would be that you have a .pgpass file on your first user's home
directory, and not on the new one.
 
Sot, first, try to check if there is a $HOME/.pgpass file for your first
user.


-- 
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com
PostgreSQL Sessions #3: http://www.postgresql-sessions.org


In response to

Responses

pgsql-admin by date

Next:From: TripuraDate: 2012-01-05 20:58:19
Subject: Re: Drop Schema from Postgres
Previous:From: Wujek SrujekDate: 2012-01-05 19:56:18
Subject: Postgres 9.1 client authentication for local, no password required?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group