Re: source of connection fails at pg startup?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stuart McGraw <smcg4191(at)mtneva(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: source of connection fails at pg startup?
Date: 2018-05-22 13:58:16
Views: Raw Message | Whole Thread | Download mbox
Lists: pgsql-general

Stuart McGraw <smcg4191(at)mtneva(dot)com> writes:
> When I start my postgresql server I get 11 messages reporting that "password
> authentication failed for user 'postgres'" spaced about ~.5sec apart.

Sounds like the trace of something probing the postmaster to see if it's
ready yet. Pre-v10 versions of pg_ctl did exactly that, but with a
1-second wait interval, so this couldn't be pg_ctl itself (even if you
hadn't specified this is v10).

> This is on a Ububuntu-18.04 machine with postgresql-10.3 from Ubuntu. As distributed
> the pg_hba.conf line mentioned used "peer" authentication method, I have changed to
> "md5". When I change back to "peer" the error messages go away.

In that case, whatever is doing it is running as the postgres user.

Putting all this together, I'd bet on the connections coming from an
Ubuntu-specific startup script. Poke around in their PG start script
for something like a pg_isready call in a loop with an 0.5 second wait.

I imagine that undoing that would be rather difficult, even if you
wanted to run with a locally-modified script. They probably had a
reason why they didn't want to leave it to pg_ctl to do the waiting.

Personally, my recommendation would be to go back to "peer" auth,
at least for local connections by postgres. There is no reason
to think that passwords are a more secure approach: password
management is a hard problem, especially for automated connections
like these.

regards, tom lane

In response to


Browse pgsql-general by date

  From Date Subject
Next Message Paolo Crosato 2018-05-22 14:18:20 Error on vacuum: xmin before relfrozenxid
Previous Message Melvin Davidson 2018-05-22 13:49:05 Re: Help in Postgresql