Thread: simple md5 authentication problems

simple md5 authentication problems

From
"robert"
Date:
Hi all, hope this is the right list.

I have postgres 8.1 running on linux. We have tests that mostly run on
windows. I want to run these tests on linux.

On these windows boxes, pg_hba.conf has just one line:

host    all         all         127.0.0.1/32          md5

They use 'postgres' as the user and password to connect to a db.

I couldn't start postgres on linux with just that line, so on linux I
have:

# "local" is for Unix domain socket connections only
local   all         all                               ident sameuser
# IPv4 local connections:
host    all         all         127.0.0.1/32          md5
# IPv6 local connections:
host    all         all         ::1/128               ident sameuser

I created my db as:
postgres=# CREATE DATABASE maragato_test OWNER postgres;

I seem to have a user 'postgres' - I'm using the default.

postgres=# SELECT * FROM "pg_user";
 usename  | usesysid | usecreatedb | usesuper | usecatupd |  passwd  |
valuntil | useconfig
----------+----------+-------------+----------+-----------+----------+----------+-----------
 postgres |       10 | t           | t        | t         | ******** |
        |

However, I get this error:

/home/postgres> psql -h localhost maragato_test postgres
Password for user postgres:
psql: FATAL:  autenticação do tipo password falhou para usuário
"postgres"

Sorry - couldn't get local en_US working. That translates to:
Authentication of type password failed for user postgres. I think that
means 'ident password' . I tried to connect with java and I get the
same error.

I just need to connect to db 'maragato_test' on local host using
'postgres´ as the user and password, using md5.

Any ideas?
Robert


Re: simple md5 authentication problems

From
"chris smith"
Date:
On 5 May 2006 02:22:32 -0700, robert <robertlazarski@gmail.com> wrote:
> Hi all, hope this is the right list.
>
> I have postgres 8.1 running on linux. We have tests that mostly run on
> windows. I want to run these tests on linux.
>
> On these windows boxes, pg_hba.conf has just one line:
>
> host    all         all         127.0.0.1/32          md5
>
> They use 'postgres' as the user and password to connect to a db.
>
> I couldn't start postgres on linux with just that line, so on linux I
> have:
>
> # "local" is for Unix domain socket connections only
> local   all         all                               ident sameuser
> # IPv4 local connections:
> host    all         all         127.0.0.1/32          md5
> # IPv6 local connections:
> host    all         all         ::1/128               ident sameuser
>
> I created my db as:
> postgres=# CREATE DATABASE maragato_test OWNER postgres;
>
> I seem to have a user 'postgres' - I'm using the default.
>
> postgres=# SELECT * FROM "pg_user";
>  usename  | usesysid | usecreatedb | usesuper | usecatupd |  passwd  |
> valuntil | useconfig
> ----------+----------+-------------+----------+-----------+----------+----------+-----------
>  postgres |       10 | t           | t        | t         | ******** |
>         |
>
> However, I get this error:
>
> /home/postgres> psql -h localhost maragato_test postgres
> Password for user postgres:
> psql: FATAL:  autenticação do tipo password falhou para usuário
> "postgres"
>
> Sorry - couldn't get local en_US working. That translates to:
> Authentication of type password failed for user postgres. I think that
> means 'ident password' . I tried to connect with java and I get the
> same error.
>
> I just need to connect to db 'maragato_test' on local host using
> 'postgres´ as the user and password, using md5.

Try '-h 127.0.0.1' rather than 'localhost' - it's still seeing the
connection as coming through the socket, not through tcpip, so it's
matching the "ident" rule.

--
Postgresql & php tutorials
http://www.designmagick.com/

Re: simple md5 authentication problems

From
"robert"
Date:
Thanks for the response, but changing to 127.0.0.1 didn't help.

Changing this line sets the db wide open:

host    all         all         127.0.0.1/32          trust

From there, another non-root login can access it with any user /
password.

What I really need is this command to work with a non-root
account, with only the right username and password - in this case the
pre-configured postgres account:

psql -U postgres -h 127.0.0.1

robert

"chris smith" escreveu:

> On 5 May 2006 02:22:32 -0700, robert <robertlazarski@gmail.com> wrote:
> > Hi all, hope this is the right list.
> >
> > I have postgres 8.1 running on linux. We have tests that mostly run on
> > windows. I want to run these tests on linux.
> >
> > On these windows boxes, pg_hba.conf has just one line:
> >
> > host    all         all         127.0.0.1/32          md5
> >
> > They use 'postgres' as the user and password to connect to a db.
> >
> > I couldn't start postgres on linux with just that line, so on linux I
> > have:
> >
> > # "local" is for Unix domain socket connections only
> > local   all         all                               ident sameuser
> > # IPv4 local connections:
> > host    all         all         127.0.0.1/32          md5
> > # IPv6 local connections:
> > host    all         all         ::1/128               ident sameuser
> >
> > I created my db as:
> > postgres=# CREATE DATABASE maragato_test OWNER postgres;
> >
> > I seem to have a user 'postgres' - I'm using the default.
> >
> > postgres=# SELECT * FROM "pg_user";
> >  usename  | usesysid | usecreatedb | usesuper | usecatupd |  passwd  |
> > valuntil | useconfig
> > ----------+----------+-------------+----------+-----------+----------+----------+-----------
> >  postgres |       10 | t           | t        | t         | ******** |
> >         |
> >
> > However, I get this error:
> >
> > /home/postgres> psql -h localhost maragato_test postgres
> > Password for user postgres:
> > psql: FATAL:  autenticação do tipo password falhou para usuário
> > "postgres"
> >
> > Sorry - couldn't get local en_US working. That translates to:
> > Authentication of type password failed for user postgres. I think that
> > means 'ident password' . I tried to connect with java and I get the
> > same error.
> >
> > I just need to connect to db 'maragato_test' on local host using
> > 'postgres´ as the user and password, using md5.
>
> Try '-h 127.0.0.1' rather than 'localhost' - it's still seeing the
> connection as coming through the socket, not through tcpip, so it's
> matching the "ident" rule.
>
> --
> Postgresql & php tutorials
> http://www.designmagick.com/
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
>                http://www.postgresql.org/docs/faq


Re: simple md5 authentication problems

From
kmh496
Date:
> > >
> > > # "local" is for Unix domain socket connections only
> > > local   all         all                               ident sameuser
> > > # IPv4 local connections:
> > > host    all         all         127.0.0.1/32          md5
> > > # IPv6 local connections:
> > > host    all         all         ::1/128               ident sameuser
> > >
> > > I created my db as:
> > > postgres=# CREATE DATABASE maragato_test OWNER postgres;
> > >
> > > I seem to have a user 'postgres' - I'm using the default.
> > >
> > > postgres=# SELECT * FROM "pg_user";
> > >  usename  | usesysid | usecreatedb | usesuper | usecatupd |  passwd  |
> > > valuntil | useconfig
> > > ----------+----------+-------------+----------+-----------+----------+----------+-----------
> > >  postgres |       10 | t           | t        | t         | ******** |
> > >         |
> > >
> > > However, I get this error:
> > >
> > > /home/postgres> psql -h localhost maragato_test postgres
> > > Password for user postgres:
> > > psql: FATAL:  autenticação do tipo password falhou para usuário
> > > "postgres"
> > >
doesn't that user have to exist since you are using ident method?  that
means unix username == postgres username.
do you have a user named maragato_test on the system?
did you create that user in postgres and on the system?






Re: simple md5 authentication problems

From
Bruno Wolff III
Date:
On Mon, May 08, 2006 at 23:10:31 +0900,
  kmh496 <kmh496@kornet.net> wrote:
> doesn't that user have to exist since you are using ident method?  that
> means unix username == postgres username.
> do you have a user named maragato_test on the system?
> did you create that user in postgres and on the system?

Note that you can create custom mappings for which the unix user is not
the same as the postgres user.

Re: simple md5 authentication problems

From
"robert"
Date:
Bruno Wolff III escreveu:

> On Mon, May 08, 2006 at 23:10:31 +0900,
>   kmh496 <kmh496@kornet.net> wrote:
> > doesn't that user have to exist since you are using ident method?  that
> > means unix username == postgres username.
> > do you have a user named maragato_test on the system?
> > did you create that user in postgres and on the system?
>
> Note that you can create custom mappings for which the unix user is not
> the same as the postgres user.
>

I don't want to use ident and the unix user name. Let me try and
simplify my question:

1) Isn't the user 'postgres' pre-configured? Running this seems to
imply so: 'select datname from pg_database;'
    datname
---------------
 postgres

2) Is there a way to use this user 'postgres' with a non-root unix
account _not_ named postgres? I just want _any_ method - md5, ident,
whatever, that allows access to my db with user 'postgres' from an
account called myuser1, myuser2, and myuser3. Tomorrow it might be
myuser4.

3) I'm willing to try and use custom mappings if that's the easiest way
to solve my problem.

Thanks for the help,
Robert


Re: simple md5 authentication problems

From
Martijn van Oosterhout
Date:
On Mon, May 08, 2006 at 02:10:02PM -0700, robert wrote:
> 1) Isn't the user 'postgres' pre-configured? Running this seems to
> imply so: 'select datname from pg_database;'
>     datname
> ---------------
>  postgres

This demonstrates a *database* named postgres. Users are in the pg_user
table.

> 2) Is there a way to use this user 'postgres' with a non-root unix
> account _not_ named postgres? I just want _any_ method - md5, ident,
> whatever, that allows access to my db with user 'postgres' from an
> account called myuser1, myuser2, and myuser3. Tomorrow it might be
> myuser4.

Absolutely, though the question is obviously why. It's a superuser
account, you can create more of them if you like with createuser.

If you want to use md5, setup a line in pg_hba.conf for md5 auth from
wherever you're logging in (reload postmaster). For this to work you
might need to ALTER USER postgres WITH PASSWORD 'blah' to set the
password.

If you want to use ident (no password), setup pg_hba.conf for ident
using a mapname. You say "ident mapname" there. Then in pg_ident.conf
setup the mapping for IDENT to PGUSERNAME there. Reload postmaster.

You can use trust if you're desperate.

Hope this helps,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.

Attachment