Re: Postgres 9.1 client authentication for local, no password required? - Mailing list pgsql-admin

From Guillaume Lelarge
Subject Re: Postgres 9.1 client authentication for local, no password required?
Date
Msg-id 1325796669.2290.2.camel@localhost.localdomain
Whole thread Raw
In response to Postgres 9.1 client authentication for local, no password required?  (Wujek Srujek <wujek.srujek@googlemail.com>)
Responses Re: Postgres 9.1 client authentication for local, no password required?
List pgsql-admin
On Thu, 2012-01-05 at 20:56 +0100, Wujek Srujek wrote:
> Hi. I am using Postgres 9.1 on Ubuntu 11.10 64bit. I have a question about
> client authentication.
> After installing the server, and setting the postgres password to encrypted
> 'postgres', I made sure I can log in like that. Then, I edited the
> /etc/postgres/9.1/main/pg_hba.conf file to contain just this single like:
>
> local   all             all                                     md5
>
> According to these sources:
> http://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html
> http://www.postgresql.org/docs[...]uth-methods.html#AUTH-PASSWORD
>
> this means (at least that's how I understand it):
> 1. local - it allows only connections using unix domain sockets
> 2. first all - access to all databases
> 3. second all - for every user
> 4. md5 - requires providing a password for a login
>
> But now, I am trying to connect as a normal user:
>
> psql -d postgres -U postgres
>
> and it connects without ever asking for a password! (The password works
> fine when I force it with -W, so this part is ok.)
>
> If I add a line for TCP/IP connections (with 'host' at the beginning) it
> does ask for the password, so it looks like the behavior I am experiencing
> has something to do with domain socket, but I am not sure.
>
> The user that I installed Postgres with and tried logging in was the same,
> and it was in the admin group, so it had the sudoer privilage. I thought it
> had something to do with that, so I created another user, who wasn't a
> sudoer - and I had to give the password. But then, when I added the admin
> group to the user (which adds it to sudoers on my machine), I still had to
> specify the password (and sudo works fine), which would imply that it was a
> dead end.
>

My guess would be that you have a .pgpass file on your first user's home
directory, and not on the new one.

Sot, first, try to check if there is a $HOME/.pgpass file for your first
user.


--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com
PostgreSQL Sessions #3: http://www.postgresql-sessions.org


pgsql-admin by date:

Previous
From: Wujek Srujek
Date:
Subject: Postgres 9.1 client authentication for local, no password required?
Next
From: Wujek Srujek
Date:
Subject: Re: Postgres 9.1 client authentication for local, no password required?