Thread: No pg_hba.conf entry for host localhost (was: Re: createused + createdb problems with passwords)
No pg_hba.conf entry for host localhost (was: Re: createused + createdb problems with passwords)
From
Date:
Hello, Thank you - this morning I managed to create both a DB user and a DB. However, I am still puzzled by this error that I am getting now: [otis]$ psql MYDB psql: FATAL: No pg_hba.conf entry for host localhost, user otis, database MYDB On the other hand, "psql -h 127.0.0.1 MYDB" works! Here is the relevant data: # pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't work) host MYDB otis 127.0.0.1 255.255.255.0 md5 $ grep localhost /etc/hosts 127.0.0.1 localhost.localdomain localhost $ hostname -i MY.IP.IS.HERE (real, external IP, not 127....) All I am trying to do is this: - Don't allow external connections (got firewall, too, but multiple layers of security shouldn't hurt) - Require even the local client to use username/password authentication with md5 Thanks, Otis --- "Nigel J. Andrews" <nandrews@investsystems.co.uk> wrote: > On Tue, 23 Mar 2004 ogjunk-pg@yahoo.com wrote: > > > Hello, > > > > I have created PostgreSQL databases and users a number of times, > but > > I'm having trouble with that on a new server with Postgresql 7.3.4. > > > > I am trying to create a DB user (createuser) and a database itself > > (createdb): > > > > bash-2.05b$ whoami > > postgres > > > > bash-2.05b$ tail -5 ~postgres/data/pg_hba.conf > > host all all MY.IP.IS.HERE 255.255.255.255 md5 > > > > bash-2.05b$ createuser -h MY.IP.IS.HERE otis > > Shall the new user be allowed to create databases? (y/n) n > > Shall the new user be allowed to create more new users? (y/n) n > > Password: > > psql: FATAL: Password authentication failed for user "postgres" > > > > createuser: creation of user "otis" failed > > > > -- Question: what password am I supposed to enter here? > > -- I suppose it's the postgres user's _DB_ password - but how do I > know > > what it is? I didn't set it. > > Well you need to connect as a user with create user priviledges, i.e. > a db > superuser, in order to create your new user. If there isn't such a > user you > know the password for you'll have to ask the dba to do it for you. > > If you are the dba then you must already know the postgres password. > If you > have forgotten the password temporarily change md5 to trust in the > pg_hba.conf > file, restart the server and change the superusers password to a new > one. Don't > forget to restart the server after changing the pg_hba.conf entry > back to md5. > > Alternatively, check that the localhost entry isn't already set to > trust and > just don't specify the server ip address for the commands. If it > isn't set to > trust already do the md5 --> trust --> md5 thing with that entry > instead of the > one above. (From the use of MY.IP.IS.HERE in your snippets I presume > you are > running these utilities on the same system as the server is running). > > > > > > bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev > > Password: > > psql: FATAL: Password authentication failed for user "postgres" > > > > createdb: database creation failed > > > > -- Question: what password am I supposed to enter here? > > Same as for createuser > > > > > > > Thank you, > > Otis >
Hi, I am not sure but have you tried adding to your pg_hosts.conf the following form: #local DATABASE USER METHOD [OPTION] local MYDB otis md5 Cheers! Dexter Tad-y On Wed, 2004-03-24 at 18:37, ogjunk-pg@yahoo.com wrote: > Hello, > > Thank you - this morning I managed to create both a DB user and a DB. > > However, I am still puzzled by this error that I am getting now: > > [otis]$ psql MYDB > psql: FATAL: No pg_hba.conf entry for host localhost, user otis, > database MYDB > > On the other hand, "psql -h 127.0.0.1 MYDB" works! > > Here is the relevant data: > > # pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't work) > host MYDB otis 127.0.0.1 255.255.255.0 md5 > > $ grep localhost /etc/hosts > 127.0.0.1 localhost.localdomain localhost > > $ hostname -i > MY.IP.IS.HERE (real, external IP, not 127....) > > > All I am trying to do is this: > > - Don't allow external connections > (got firewall, too, but multiple layers of security shouldn't hurt) > - Require even the local client to use username/password > authentication with md5 > > Thanks, > Otis > > > --- "Nigel J. Andrews" <nandrews@investsystems.co.uk> wrote: > > On Tue, 23 Mar 2004 ogjunk-pg@yahoo.com wrote: > > > > > Hello, > > > > > > I have created PostgreSQL databases and users a number of times, > > but > > > I'm having trouble with that on a new server with Postgresql 7.3.4. > > > > > > I am trying to create a DB user (createuser) and a database itself > > > (createdb): > > > > > > bash-2.05b$ whoami > > > postgres > > > > > > bash-2.05b$ tail -5 ~postgres/data/pg_hba.conf > > > host all all MY.IP.IS.HERE 255.255.255.255 md5 > > > > > > bash-2.05b$ createuser -h MY.IP.IS.HERE otis > > > Shall the new user be allowed to create databases? (y/n) n > > > Shall the new user be allowed to create more new users? (y/n) n > > > Password: > > > psql: FATAL: Password authentication failed for user "postgres" > > > > > > createuser: creation of user "otis" failed > > > > > > -- Question: what password am I supposed to enter here? > > > -- I suppose it's the postgres user's _DB_ password - but how do I > > know > > > what it is? I didn't set it. > > > > Well you need to connect as a user with create user priviledges, i.e. > > a db > > superuser, in order to create your new user. If there isn't such a > > user you > > know the password for you'll have to ask the dba to do it for you. > > > > If you are the dba then you must already know the postgres password. > > If you > > have forgotten the password temporarily change md5 to trust in the > > pg_hba.conf > > file, restart the server and change the superusers password to a new > > one. Don't > > forget to restart the server after changing the pg_hba.conf entry > > back to md5. > > > > Alternatively, check that the localhost entry isn't already set to > > trust and > > just don't specify the server ip address for the commands. If it > > isn't set to > > trust already do the md5 --> trust --> md5 thing with that entry > > instead of the > > one above. (From the use of MY.IP.IS.HERE in your snippets I presume > > you are > > running these utilities on the same system as the server is running). > > > > > > > > > > bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev > > > Password: > > > psql: FATAL: Password authentication failed for user "postgres" > > > > > > createdb: database creation failed > > > > > > -- Question: what password am I supposed to enter here? > > > > Same as for createuser > > > > > > > > > > > Thank you, > > > Otis > > > > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
Hi, I am not sure but have you tried adding to your pg_hba.conf the following form: #local DATABASE USER METHOD [OPTION] local MYDB otis md5 Cheers! Dexter Tad-y > On Wed, 2004-03-24 at 18:37, ogjunk-pg@yahoo.com wrote: > > Hello, > > > > Thank you - this morning I managed to create both a DB user and a DB. > > > > However, I am still puzzled by this error that I am getting now: > > > > [otis]$ psql MYDB > > psql: FATAL: No pg_hba.conf entry for host localhost, user otis, > > database MYDB > > > > On the other hand, "psql -h 127.0.0.1 MYDB" works! > > > > Here is the relevant data: > > > > # pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't work) > > host MYDB otis 127.0.0.1 255.255.255.0 md5 > > > > $ grep localhost /etc/hosts > > 127.0.0.1 localhost.localdomain localhost > > > > $ hostname -i > > MY.IP.IS.HERE (real, external IP, not 127....) > > > > > > All I am trying to do is this: > > > > - Don't allow external connections > > (got firewall, too, but multiple layers of security shouldn't hurt) > > - Require even the local client to use username/password > > authentication with md5 > > > > Thanks, > > Otis > > > > > > --- "Nigel J. Andrews" <nandrews@investsystems.co.uk> wrote: > > > On Tue, 23 Mar 2004 ogjunk-pg@yahoo.com wrote: > > > > > > > Hello, > > > > > > > > I have created PostgreSQL databases and users a number of times, > > > but > > > > I'm having trouble with that on a new server with Postgresql 7.3.4. > > > > > > > > I am trying to create a DB user (createuser) and a database itself > > > > (createdb): > > > > > > > > bash-2.05b$ whoami > > > > postgres > > > > > > > > bash-2.05b$ tail -5 ~postgres/data/pg_hba.conf > > > > host all all MY.IP.IS.HERE 255.255.255.255 md5 > > > > > > > > bash-2.05b$ createuser -h MY.IP.IS.HERE otis > > > > Shall the new user be allowed to create databases? (y/n) n > > > > Shall the new user be allowed to create more new users? (y/n) n > > > > Password: > > > > psql: FATAL: Password authentication failed for user "postgres" > > > > > > > > createuser: creation of user "otis" failed > > > > > > > > -- Question: what password am I supposed to enter here? > > > > -- I suppose it's the postgres user's _DB_ password - but how do I > > > know > > > > what it is? I didn't set it. > > > > > > Well you need to connect as a user with create user priviledges, i.e. > > > a db > > > superuser, in order to create your new user. If there isn't such a > > > user you > > > know the password for you'll have to ask the dba to do it for you. > > > > > > If you are the dba then you must already know the postgres password. > > > If you > > > have forgotten the password temporarily change md5 to trust in the > > > pg_hba.conf > > > file, restart the server and change the superusers password to a new > > > one. Don't > > > forget to restart the server after changing the pg_hba.conf entry > > > back to md5. > > > > > > Alternatively, check that the localhost entry isn't already set to > > > trust and > > > just don't specify the server ip address for the commands. If it > > > isn't set to > > > trust already do the md5 --> trust --> md5 thing with that entry > > > instead of the > > > one above. (From the use of MY.IP.IS.HERE in your snippets I presume > > > you are > > > running these utilities on the same system as the server is running). > > > > > > > > > > > > > > bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev > > > > Password: > > > > psql: FATAL: Password authentication failed for user "postgres" > > > > > > > > createdb: database creation failed > > > > > > > > -- Question: what password am I supposed to enter here? > > > > > > Same as for createuser > > > > > > > > > > > > > > > Thank you, > > > > Otis > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org > > > ---------------------------(end of broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org
Hello, Yes, I did add such an entry to pg_hba.conf: local MYDB otis md5 However, how secure is that? Is this considered secure? I suppose that if a cracker has broken into the DB server, he can always damage the DB by removing DB files, or he can steal them by copying DB files, and does not need to connect to DB as a client. But still.... is this considered secure? Thanks, Otis --- Dexter Tad-y <dexterbt1@my.smart.com.ph> wrote: > Hi, > I am not sure but have you tried adding to your pg_hosts.conf > the following form: > > #local DATABASE USER METHOD [OPTION] > local MYDB otis md5 > > Cheers! > > Dexter Tad-y > > On Wed, 2004-03-24 at 18:37, ogjunk-pg@yahoo.com wrote: > > Hello, > > > > Thank you - this morning I managed to create both a DB user and a > DB. > > > > However, I am still puzzled by this error that I am getting now: > > > > [otis]$ psql MYDB > > psql: FATAL: No pg_hba.conf entry for host localhost, user otis, > > database MYDB > > > > On the other hand, "psql -h 127.0.0.1 MYDB" works! > > > > Here is the relevant data: > > > > # pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't > work) > > host MYDB otis 127.0.0.1 255.255.255.0 md5 > > > > $ grep localhost /etc/hosts > > 127.0.0.1 localhost.localdomain localhost > > > > $ hostname -i > > MY.IP.IS.HERE (real, external IP, not 127....) > > > > > > All I am trying to do is this: > > > > - Don't allow external connections > > (got firewall, too, but multiple layers of security shouldn't > hurt) > > - Require even the local client to use username/password > > authentication with md5 > > > > Thanks, > > Otis > > > > > > --- "Nigel J. Andrews" <nandrews@investsystems.co.uk> wrote: > > > On Tue, 23 Mar 2004 ogjunk-pg@yahoo.com wrote: > > > > > > > Hello, > > > > > > > > I have created PostgreSQL databases and users a number of > times, > > > but > > > > I'm having trouble with that on a new server with Postgresql > 7.3.4. > > > > > > > > I am trying to create a DB user (createuser) and a database > itself > > > > (createdb): > > > > > > > > bash-2.05b$ whoami > > > > postgres > > > > > > > > bash-2.05b$ tail -5 ~postgres/data/pg_hba.conf > > > > host all all MY.IP.IS.HERE 255.255.255.255 md5 > > > > > > > > bash-2.05b$ createuser -h MY.IP.IS.HERE otis > > > > Shall the new user be allowed to create databases? (y/n) n > > > > Shall the new user be allowed to create more new users? (y/n) n > > > > Password: > > > > psql: FATAL: Password authentication failed for user > "postgres" > > > > > > > > createuser: creation of user "otis" failed > > > > > > > > -- Question: what password am I supposed to enter here? > > > > -- I suppose it's the postgres user's _DB_ password - but how > do I > > > know > > > > what it is? I didn't set it. > > > > > > Well you need to connect as a user with create user priviledges, > i.e. > > > a db > > > superuser, in order to create your new user. If there isn't such > a > > > user you > > > know the password for you'll have to ask the dba to do it for > you. > > > > > > If you are the dba then you must already know the postgres > password. > > > If you > > > have forgotten the password temporarily change md5 to trust in > the > > > pg_hba.conf > > > file, restart the server and change the superusers password to a > new > > > one. Don't > > > forget to restart the server after changing the pg_hba.conf entry > > > back to md5. > > > > > > Alternatively, check that the localhost entry isn't already set > to > > > trust and > > > just don't specify the server ip address for the commands. If it > > > isn't set to > > > trust already do the md5 --> trust --> md5 thing with that entry > > > instead of the > > > one above. (From the use of MY.IP.IS.HERE in your snippets I > presume > > > you are > > > running these utilities on the same system as the server is > running). > > > > > > > > > > > > > > bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev > > > > Password: > > > > psql: FATAL: Password authentication failed for user > "postgres" > > > > > > > > createdb: database creation failed > > > > > > > > -- Question: what password am I supposed to enter here? > > > > > > Same as for createuser > > > > > > > > > > > > > > > Thank you, > > > > Otis > > > > > > > > > ---------------------------(end of > broadcast)--------------------------- > > TIP 1: subscribe and unsubscribe commands go to > majordomo@postgresql.org > > > ---------------------------(end of > broadcast)--------------------------- > TIP 6: Have you searched our list archives? > > http://archives.postgresql.org
El Mié 24 Mar 2004 10:25, ogjunk-pg@yahoo.com escribió:
> Hello,
>
> Yes, I did add such an entry to pg_hba.conf:
>
> local MYDB otis md5
>
> However, how secure is that?
> Is this considered secure?
>
> I suppose that if a cracker has broken into the DB server, he can
> always damage the DB by removing DB files, or he can steal them by
> copying DB files, and does not need to connect to DB as a client.
>
> But still.... is this considered secure?
It will ask for a password, so I think it's secure. Another thing would be if
you had it as trusted.
--
11:29:01 up 15 days, 16:00, 4 users, load average: 0.24, 0.07, 0.06
-----------------------------------------------------------------
Martín Marqués | select 'mmarques' || '@' || 'unl.edu.ar'
Centro de Telematica | DBA, Programador, Administrador
Universidad Nacional
del Litoral
-----------------------------------------------------------------
> El Mi� 24 Mar 2004 10:25, ogjunk-pg@yahoo.com escribi�:
>> But still.... is this considered secure?
Why would you think it's any less secure than your localhost (TCP)
entry?
It's fairly easy to configure a Unix-domain socket to be *more* secure
than TCP, because you can use file permissions to limit which other
users can even connect to it. A lot of paranoid admins use only Unix
socket connections and don't even enable the postmaster to listen on
TCP. I don't know of anyone who considers TCP more secure than local.
regards, tom lane