Skip site navigation (1) Skip section navigation (2)

Re: Postgres 9.1 client authentication for local, no password required?

From: Wujek Srujek <wujek(dot)srujek(at)googlemail(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: Postgres 9.1 client authentication for local, no password required?
Date: 2012-01-05 21:00:37
Message-ID: CAAuGTBhFV=npKz1+MQe2awaHtKUtZsj+PRU35+V51M78gmr+iA@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-admin
Hi. Yes, there is such a file, and yes, it is the 'special' thing I was
looking for. Thanks you very much for the tip, I did some reading about it.
Who created this feature for me? Could it be the ubuntu installation
process?

wujek

On Thu, Jan 5, 2012 at 9:51 PM, Guillaume Lelarge <guillaume(at)lelarge(dot)info>wrote:

> On Thu, 2012-01-05 at 20:56 +0100, Wujek Srujek wrote:
> > Hi. I am using Postgres 9.1 on Ubuntu 11.10 64bit. I have a question
> about
> > client authentication.
> > After installing the server, and setting the postgres password to
> encrypted
> > 'postgres', I made sure I can log in like that. Then, I edited the
> > /etc/postgres/9.1/main/pg_hba.conf file to contain just this single like:
> >
> > local   all             all                                     md5
> >
> > According to these sources:
> > http://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html
> > http://www.postgresql.org/docs[...]uth-methods.html#AUTH-PASSWORD
> >
> > this means (at least that's how I understand it):
> > 1. local - it allows only connections using unix domain sockets
> > 2. first all - access to all databases
> > 3. second all - for every user
> > 4. md5 - requires providing a password for a login
> >
> > But now, I am trying to connect as a normal user:
> >
> > psql -d postgres -U postgres
> >
> > and it connects without ever asking for a password! (The password works
> > fine when I force it with -W, so this part is ok.)
> >
> > If I add a line for TCP/IP connections (with 'host' at the beginning) it
> > does ask for the password, so it looks like the behavior I am
> experiencing
> > has something to do with domain socket, but I am not sure.
> >
> > The user that I installed Postgres with and tried logging in was the
> same,
> > and it was in the admin group, so it had the sudoer privilage. I thought
> it
> > had something to do with that, so I created another user, who wasn't a
> > sudoer - and I had to give the password. But then, when I added the admin
> > group to the user (which adds it to sudoers on my machine), I still had
> to
> > specify the password (and sudo works fine), which would imply that it
> was a
> > dead end.
> >
>
> My guess would be that you have a .pgpass file on your first user's home
> directory, and not on the new one.
>
> Sot, first, try to check if there is a $HOME/.pgpass file for your first
> user.
>
>
> --
> Guillaume
> http://blog.guillaume.lelarge.info
> http://www.dalibo.com
> PostgreSQL Sessions #3: http://www.postgresql-sessions.org
>
>

In response to

Responses

pgsql-admin by date

Next:From: Guillaume LelargeDate: 2012-01-05 21:18:58
Subject: Re: Postgres 9.1 client authentication for local, no password required?
Previous:From: TripuraDate: 2012-01-05 20:58:19
Subject: Re: Drop Schema from Postgres

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group