Re: Why password authentication failed for user "postgres"?

On Sun, Jun 5, 2022 at 4:06 PM Frank Finner <postgresql(at)finner(dot)de> wrote:

> If you use -U with psql, the connection must not try to use method "peer"
> (which means "use the system user with this name", but also means "You must
> be logged in with the system user corresponding to the postgresql user"),
> but some kind of authorization, like md5, and use it with IP address.
>
This is simply wrong (though I suppose only in a corner case). You must
connect via socket but peer authentication can still work. In particular,
so long as the value specified for "-U" is your operating system user name
the connection will work just the same as if you didn't specify -U at all
and instead relied on the psql default behavior of using your operating
system user name for the value of user. In short, the server only knows
what value "user" has as part of the connection string - it has no
knowledge of how that value became set. However, it can prove that the
socket connection being requested is owned by a particular user.

I think (going from memory at the moment) you can get the main exception to
this rule via usage of pg_ident.conf (i.e., be logged in as "osuser" and
supply "-U postgres"; peer auth will work so long as osuser is mapped to
postgres and you connect via the socket (i.e., local, not host).

David J.