On 9/10/24 16:21, Chris Miller wrote:
> Hi Folks,
>
> I am confused about authentication. I understand that in the local
> connection case, I have choices of “peer”, and “md5” (password).
>
>
> In pg_hba.conf, I have the lines:
>
>
> local all all peer
>
> local all all md5
>
>
> I have an OS user “postgres”, and I can “su – postgres”, which brings me
> to a shell and I can invoke psql successfully.
>
>
> I believe that, as root, I should be able to “psql -U postgres -W” and
> logon with a password. I can’t. When I try, I get:
>
>
> psql: error: connection to server on socket
> "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication
> failed for user "postgres"
>
>
> Notice I am failing “peer” authentication. Seems to me that if I
> explicitly ask for a password, “-W”, I should be using “md5” authentication.
First match wins loses in this case. The entries are processed top to
bottom the first the one matches in this case:
local all all peer
Per
https://www.postgresql.org/docs/16/auth-pg-hba-conf.html
"The first record with a matching connection type, client address,
requested database, and user name is used to perform authentication.
There is no “fall-through” or “backup”: if one record is chosen and the
authentication fails, subsequent records are not considered. If no
record matches, access is denied."
The -W is a no-op per:
https://www.postgresql.org/docs/16/app-psql.html
-W
--password
Force psql to prompt for a password before connecting to a
database, even if the password will not be used.
>
>
> Can anybody straighten me out?
>
>
> Thanks for the help,
> --
> Chris.
--
Adrian Klaver
adrian.klaver@aklaver.com