Thread: create user, user exists
I'm having a bit of authentication trouble. I'm trying to use 'crypt' authentication. PostgreSQL 7.1beta5. My pg_hba.conf is as follows: #local all trust local all crypt passtest When I do 'local all trust', everything works fine. When I invert the comment, it doesn't. I created file passtest using pg_passwd, with the following ownerships/permissions. I've recreated it several times, to make sure I didn't make a typo when I entered the password. -rw-rw-r-- 1 postgres postgres 43 Mar 16 12:38 passtest 1006$ psql -d rpeterso -U rpeterso -W Password: Welcome to psql, the PostgreSQL interactive terminal. ... (switch to 'local all crypt passtest') rpeterso@pagoda ~ 1007$ psql -d rpeterso -U rpeterso -W Password: psql: Password authentication failed for user 'rpeterso' Am I missing something? -Ron- GPG and other info at: http://www.yellowbank.com/
If I do alter user rpeterso with password 'thepassword'; Things start working. So it's as if the [AUTH_ARGUMENT] is being ignored. Has this been depricated? -Ron- On Fri, 16 Mar 2001, Ron Peterson wrote: > > I'm having a bit of authentication trouble. I'm trying to use 'crypt' > authentication. PostgreSQL 7.1beta5. My pg_hba.conf is as follows: > > #local all trust > local all crypt passtest > > When I do 'local all trust', everything works fine. When I invert the > comment, it doesn't. > > I created file passtest using pg_passwd, with the following > ownerships/permissions. I've recreated it several times, to make sure > I didn't make a typo when I entered the password. > > -rw-rw-r-- 1 postgres postgres 43 Mar 16 12:38 passtest > > 1006$ psql -d rpeterso -U rpeterso -W > Password: > Welcome to psql, the PostgreSQL interactive terminal. > ... > > (switch to 'local all crypt passtest') > > rpeterso@pagoda ~ > 1007$ psql -d rpeterso -U rpeterso -W > Password: > psql: Password authentication failed for user 'rpeterso' > > Am I missing something? > > -Ron- > GPG and other info at: http://www.yellowbank.com/
Ron Peterson writes: > > If I do > > alter user rpeterso with password 'thepassword'; > > Things start working. So it's as if the [AUTH_ARGUMENT] is being ignored. > Has this been depricated? http://www.postgresql.org/devel-corner/docs/postgres/auth-methods.html#AEN13196 > > -Ron- > > On Fri, 16 Mar 2001, Ron Peterson wrote: > > > > > I'm having a bit of authentication trouble. I'm trying to use 'crypt' > > authentication. PostgreSQL 7.1beta5. My pg_hba.conf is as follows: > > > > #local all trust > > local all crypt passtest > > > > When I do 'local all trust', everything works fine. When I invert the > > comment, it doesn't. > > > > I created file passtest using pg_passwd, with the following > > ownerships/permissions. I've recreated it several times, to make sure > > I didn't make a typo when I entered the password. > > > > -rw-rw-r-- 1 postgres postgres 43 Mar 16 12:38 passtest > > > > 1006$ psql -d rpeterso -U rpeterso -W > > Password: > > Welcome to psql, the PostgreSQL interactive terminal. > > ... > > > > (switch to 'local all crypt passtest') > > > > rpeterso@pagoda ~ > > 1007$ psql -d rpeterso -U rpeterso -W > > Password: > > psql: Password authentication failed for user 'rpeterso' > > > > Am I missing something? > > > > -Ron- > > GPG and other info at: http://www.yellowbank.com/ > > -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
Ron Peterson <ron.peterson@yellowbank.com> writes:
> I'm having a bit of authentication trouble. I'm trying to use 'crypt'
> authentication. PostgreSQL 7.1beta5. My pg_hba.conf is as follows:
IIRC, you can't use crypt with a flat password file, you have to use
plain passwd authentication. (On a local connection there's not much
point in crypt anyway...)
BTW, it may help to look in the postmaster log; for many authentication
failures, the error message sent to the client is deliberately not
telling all. The message recorded in the log may have additional
details.
regards, tom lane
From: "Ron Peterson" <ron.peterson@yellowbank.com> > I'm having a bit of authentication trouble. I'm trying to use 'crypt' > authentication. PostgreSQL 7.1beta5. My pg_hba.conf is as follows: > > #local all trust > local all crypt passtest > > When I do 'local all trust', everything works fine. When I invert the > comment, it doesn't. > > Am I missing something? Don't think so - I'm still on 7.1b3 and I get the same result. If I change crypt to password everything is fine. For "local" it shouldn't make much difference. Haven't had time to test it over a network. - Richard Huxton
Tom Lane wrote: > > Ron Peterson <ron.peterson@yellowbank.com> writes: > > I'm having a bit of authentication trouble. I'm trying to use 'crypt' > > authentication. PostgreSQL 7.1beta5. My pg_hba.conf is as follows: > > IIRC, you can't use crypt with a flat password file, you have to use > plain passwd authentication. (On a local connection there's not much > point in crypt anyway...) > > BTW, it may help to look in the postmaster log; for many authentication > failures, the error message sent to the client is deliberately not > telling all. The message recorded in the log may have additional > details. I misunderstood the difference between 'crypt' and 'password'. I thought they both did a flat password file, and 'crypt' crypted the passwords, and 'password' didn't. Instead, 'crypt' encrypts passwords sent over the wire, and 'password' authenticates against a flat (crypted) password file, rather than pg_shadow. So local+crypt doesn't make a lot of sense, obviously. So now I'm trying to decide whether I want to use 'password' or pg_shadow for user authentication. Using 'password' seems like a broad (and easily managed) brush, while using groups would give me a finer degree of control over permission settings. I'm using ssl for my remote connections, so the whole 'crypt' thing is irrelevant. -Ron- GPG and other info at: http://www.yellowbank.com/
Ron Peterson writes: > So now I'm trying to decide whether I want to use 'password' or > pg_shadow for user authentication. Using 'password' seems like a broad > (and easily managed) brush, while using groups would give me a finer > degree of control over permission settings. The ability to use groups has nothing to do with the authentication method used. -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/