Postgres not accepting connection if I say -h localhost but it works if I say -h 127.0.0.1
[root#5d9ca0effd7f opensips]# psql -U postgres -h localhost -W
Password for user postgres:
psql: FATAL: Ident authentication failed for user "postgres"
[root#5d9ca0effd7f opensips]# psql -U postgres -h 127.0.0.1 -W
Password for user postgres:
psql (8.4.20)
Type "help" for help.
postgres=#
My /var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
If I add following line then Postgres service failed to start:
host all all localhost ident
host all all localhost trust
Wwhat is wrong there?
Update
My /etc/hosts file:
[root#5d9ca0effd7f opensips]# cat /etc/hosts
172.17.0.2 5d9ca0effd7f
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
In pg_hba.conf, the first match counts. The manual:
The first record with a matching connection type, client address,
requested database, and user name is used to perform authentication.
There is no "fall-through" or "backup": if one record is chosen and
the authentication fails, subsequent records are not considered. If no
record matches, access is denied.
Note the reversed order:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
But:
host all all localhost ident
host all all localhost trust
Remember to reload after saving changes to pg_hba.conf. (Restart is not necessary.) The manual:
The pg_hba.conf file is read on start-up and when the main server
process receives a SIGHUP signal. If you edit the file on an active
system, you will need to signal the postmaster (using pg_ctl reload,
calling the SQL function pg_reload_conf(), or using kill -HUP) to
make it re-read the file.
If you really "add" the lines like you wrote, there should not be any effect at all. But if you replace the lines, there is.
In the first case, you get trust authentication method, which is an open-door policy. The manual:
PostgreSQL assumes that anyone who can connect to the server is
authorized to access the database with whatever database user name
they specify (even superuser names)
But in the second case you get the ident authentication method, which has to be set up properly to work.
Plus, as Cas pointed out later, localhost covers both IPv4 and IPv6, while 127.0.0.1/32 only applies to IPv4.
If you are actually using the outdated version 8.4, go to the old manual for 8.4. You are aware that 8.4 has reached EOL in 2014 and is not supported any more? Consider upgrading to a current version.
In Postgres 9.1 or later you would rather use peer than ident.
More:
Run batch file with psql command without password
The Problem
Postgres will potentially use IPv6 when specifying -h localhost which given the above pg_hba.conf specifies ident, a password prompt will be returned.
However when -h 127.0.0.1 is specified, it forces Postgres to use IPv4, which is set to trust in above config and allows access without password.
The Answer
Thus the answer is to modify the IPv6 host line in pg_hba.conf to use trust:
# IPv6 local connections:
host all all ::1/128 trust
Remembering to restart the Postgres service after making config changes.
Related
I changed the postgres password to NULL for the user postgres on my local machine. using the following command in SQL window:
ALTER ROLE postgres WITH PASSWORD NULL;
Now, I cannot login back again as it asking for password and not accepting anything. I can't run the SQL query to change the password as I am not logged in now. Can I do something from windows command prompt to change the password back?
You can edit pg_hba.conf file to enable trust (no password) auth-method for localhost. Details here:http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
Adding
host all all 127.0.0.1/32 trust
to the start of the pg_hba.conf file will enable no-password login from 127.0.0.1/32 (localhost)
First go to the pg_hba.conf file and open it in any editor (notepad or notepad++).
Location of pg_hba.conf is mainly
C:\Program Files\PostgreSQL\9.3\data
Change method as md5 to trust
#TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
Instead of
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
then save it.
Run Command prompt as administrator and goto
C:\Program Files\PostgreSQL\9.3\bin
directory through cmd.
Run reload postgres service command
pg_ctl.exe reload -D "C:\Program Files\PostgreSQL\9.3\data"
Got to PgAdmin and connect localhost database without using password
Go to the properties
Change the password in Definition tab
Then again change method trust to md5 .
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
Again Run reload postgres service command
pg_ctl.exe reload -D "C:\Program Files\PostgreSQL\9.3\data"
I need to connect to SQL server which I present in locations such as 192.168.1.1 from my localhost I was able to connect to the above server in MySql workbench using ssh tunneling. Can anyone help me on how do I do it in grail.
Same way... Set up the tunnel as before and point grails to it:
# Configure SSH and SCP by adding properties to grails-app/conf/Config.groovy under the "remotessh" key:
# Option set a global username to access ssh through to remote host
# If you are going to define user from above commands then leave it with empty speach marks
remotessh.USER = "USER"
# The password leave blank if you are about to use SSH Keys, otherwise provide password to ssh auth
remotessh.PASS=""
# The ssh key is your id_rsa or id_dsa - please note your tomcat will need access/permissions to file/location
remotessh.KEY="/home/youruser/.ssh/id_rsa"
# If you use a key pass for your key connections then provide it below
remotessh.KEYPASS=""
# The ssh port to connect through if not given will default to 56022
remotessh.PORT="56022" # the forwarded port
# Hostname will default to localhost
Can someone help me why this is happening when I'm trying to connect to database or rails s?
In my pg_hba.conf file I have this:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication Andrew trust
#host replication Andrew 127.0.0.1/32 trust
#host replication Andrew ::1/128 trust
local all all md5
Maybe I'm doing it wrong?
Thanks
I had the same problem. somehow, this line was added to my /etc/hosts file:
fe80::1%lo0 localhost
commenting out or removing that line from /etc/hosts should fix it
sudo vi /etc/hosts
#fe80::1%lo0 localhost
I'm on OSX 10.9.3 and Postgres 9.3.4.
I've managed to resolve this problem in the following way:
First find your pg_hba.conf file by starting up psql with psql -h 127.0.0.1 and executing SHOW hba_file;:
hba_file
-------------------------------------
/usr/local/var/postgres/pg_hba.conf
(1 row)
Now add the following line to pg_hba.conf:
host all all fe80::1%lo0/128 trust
and reload the configuration via select pg_reload_conf(); within psql.
Now you should be able to connect via psql -h fe80::1%lo0.
Oo, that's an interesting one.
Assuming you're connecting to localhost (you didn't say and didn't show your database.yml), it appears that localhost is resolving to an IPv6 link-local address with zone index.
If you use ::1 or 127.0.0.1 it should work.
This is very likely an operating system misconfiguration or bug, so lots more detail (see comment above) should be added to the question if you want any concrete advice on that.
For me, the cause was calling sudo rails server -p 80.
I bound the rails server to port 80 so that I wouldn't have to specify a port in the url localhost:3000 during development. This appears to write fe80::1%lo0»localhost to my /etc/hosts file.
Try commenting out the line in your hosts file, then running rails s -p 3000
Actually,
The same error occurs for me when I execute pg_dump command to take backup of my server database (external) like below
'/Applications/Postgres.app/Contents/Versions/9.3/bin'/pg_dump -d "<database_name>" -h <server_name> -U <db_user_name> -f <destination_path>
I solved it (work around) by replacing my <server_name> to my actual server IP (10.1.0.18).
So the issue here is my system didn't understand the <server_name> host.
It might solve permanently when you add <server_name> host in /private/etc/hosts file.
Another variant: if IPv6 is not used in the network, you can just disable it. On Windows IPv6 service also can be disabled.
I am trying to setup an SSH tunnel to access Beanstalk (to bypass an annoying proxy server).
I can get this to work, but with one caveat: I have to map my Beanstalk host URL (username.svn.beanstalkapp.com) in my hosts file to 127.0.0.1 (and use the ip in place of the domain when setting up the tunnel).
The reason (I think) is that I am creating the tunnel using the local SSH instance (on Snow Leopard) and if I use localhost or 127.0.0.1 when talking to Beanstalk, it rejects the authorisation credentials. I believe this is because Beanstalk use the hostname specified in a request to determine which account the username / password combination should be checked against. If localhost is used, I think this information is missing (in some manner which Beanstalk requires) from the requests.
At the moment I dig the IP for username.svn.beanstalkapp.com, map username.svn.beanstalkapp.com to 127.0.0.1 in my hosts file, then for the tunnel I use the command:
ssh -L 8080:ip:443 -p 22 -l tom -N 127.0.0.1
I can tell Subversion that the repo. is located at:
https://username.svn.beanstalkapp.com:8080/repo-name
This uses my tunnel and the username and password are accepted.
So, my question is if there is an option when setting up the SSH tunnel which would mean I wouldn't have to use my hosts file workaround?
I would add an entry to your hosts file that maps 127.0.0.1 to the hostname you need and then use the hostname to connect to your tunnel.
Update
The hosts file is IMO your best option.
After creating a new user john with: CREATE USER john PASSWORD 'test';
CREATE DATABASE johndb OWNER john; I can connect to the PostgreSQL server with: psql -U john johndb The problem is that psql never asks me for the password. I realy need to know what's wrong, because of obvious reasons.
Your pg_hba.conf file probably has local connections set to "trust". The default contains a section like this:
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
This means that for all connections from the local machine, trust whatever the client says. If the client says "I am user john", then the server will permit that.
The PostgreSQL documentation has a whole section on the pg_hba.conf file.