Skip site navigation (1) Skip section navigation (2)

Postgres 9.1 client authentication for local, no password required?

From: Wujek Srujek <wujek(dot)srujek(at)googlemail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: Postgres 9.1 client authentication for local, no password required?
Date: 2012-01-05 19:56:18
Message-ID: CAAuGTBgLwZY2M1fvmJJ_OqvVCZ51VkFz=Dzyi4bWr7WMWfRVtA@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-admin
Hi. I am using Postgres 9.1 on Ubuntu 11.10 64bit. I have a question about
client authentication.
After installing the server, and setting the postgres password to encrypted
'postgres', I made sure I can log in like that. Then, I edited the
/etc/postgres/9.1/main/pg_hba.conf file to contain just this single like:

local   all             all                                     md5

According to these sources:
http://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html
http://www.postgresql.org/docs[...]uth-methods.html#AUTH-PASSWORD

this means (at least that's how I understand it):
1. local - it allows only connections using unix domain sockets
2. first all - access to all databases
3. second all - for every user
4. md5 - requires providing a password for a login

But now, I am trying to connect as a normal user:

psql -d postgres -U postgres

and it connects without ever asking for a password! (The password works
fine when I force it with -W, so this part is ok.)

If I add a line for TCP/IP connections (with 'host' at the beginning) it
does ask for the password, so it looks like the behavior I am experiencing
has something to do with domain socket, but I am not sure.

The user that I installed Postgres with and tried logging in was the same,
and it was in the admin group, so it had the sudoer privilage. I thought it
had something to do with that, so I created another user, who wasn't a
sudoer - and I had to give the password. But then, when I added the admin
group to the user (which adds it to sudoers on my machine), I still had to
specify the password (and sudo works fine), which would imply that it was a
dead end.

The thing makes me a little nervous, because I apparently can't configure
my server correctly, there is something that I don't understand here ;d I
would like to ask you about what is this strange behavior caused by.

wujek

Responses

pgsql-admin by date

Next:From: Guillaume LelargeDate: 2012-01-05 20:51:09
Subject: Re: Postgres 9.1 client authentication for local, no password required?
Previous:From: Walter HurryDate: 2012-01-05 18:50:15
Subject: Re: Drop Schema from Postgres

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group