PostgreSQL: Why can I connect to a user with a set password without having to give the password? - sql

After creating a new user john with:
CREATE USER john PASSWORD 'test';
CREATE DATABASE johndb OWNER john;
I can connect to the PostgreSQL server with:
psql -U john johndb
The problem is that psql never asks me for the password. I really need to know what's wrong, because of obvious reasons.

Your pg_hba.conf file probably has local connections set to "trust". The default contains a section like this:
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
This means that for all connections from the local machine, trust whatever the client says. If the client says "I am user john", then the server will permit that.
The PostgreSQL documentation has a whole section on the pg_hba.conf file.

Related

Trying to create new PostgreSQL user, but receiving the error: "psql: FATAL: password authentication failed for user"

I am trying to create another superuser for my Postgresql database. I have managed to successfully create a new role with all the permissions using default postgres superuser.
However, when I am trying to log into the database using my new user with the password I have created for it, I am getting this error message: psql: error: could not connect to server: FATAL: password authentication failed for user "newuser"
Here is what my pg_hba.conf file looks like:
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
If I set all the methods to trust, I will be able to log in as the newuser, but since the database I am trying to set up will be public, I do not want to leave superuser without any passwords.
Also, the default postgres user also already has the password set up for it, but I can log into it with no issues.

How would I block a local user access to a website hosted on Apache?

Let's say there are 4 users on my local machine all with the same IP by the name of "Chris", "James", "Ben", and "Charles". If I have a website on Apache, if any of them were to type in "localhost" into search they would be able to see that website.
How would I make it so say "Charles" cannot access the website? So if he were to type in "localhost" or the IP address he would be denied from the server any access to that particular website.
You can create a .htaccess file to specify user authentication. This way only authenticated users have access to the web server.
Here is a tutorial:
https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04
If users are logged in locally, you may use iptables to block a specific user. Please try the command below:
$ sudo iptables -A OUTPUT -o EXTERNAL_IF -m owner --uid-owner USERNAME -d DESTINATION_WEB -j REJECT
Where:
EXTERNAL_IF is the name of the Internet-bound interface (e.g. eth0)
USERNAME is the login id of the restricted user
DESTINATION_WEB is the DNS name or IP address of the destination website. Beware of sites that host many websites (such as blogger) or those that have multiple public IPs (such as Google)
Hope this information works for you.

Postgres not allowing localhost but works with 127.0.0.1

Postgres not accepting connection if I say -h localhost but it works if I say -h 127.0.0.1
[root#5d9ca0effd7f opensips]# psql -U postgres -h localhost -W
Password for user postgres:
psql: FATAL: Ident authentication failed for user "postgres"
[root#5d9ca0effd7f opensips]# psql -U postgres -h 127.0.0.1 -W
Password for user postgres:
psql (8.4.20)
Type "help" for help.
postgres=#
My /var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
If I add following line then Postgres service failed to start:
host all all localhost ident
host all all localhost trust
What is wrong there?
Update
My /etc/hosts file:
[root#5d9ca0effd7f opensips]# cat /etc/hosts
172.17.0.2 5d9ca0effd7f
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
In pg_hba.conf, the first match counts. The manual:
The first record with a matching connection type, client address,
requested database, and user name is used to perform authentication.
There is no "fall-through" or "backup": if one record is chosen and
the authentication fails, subsequent records are not considered. If no
record matches, access is denied.
Note the reversed order:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
But:
host all all localhost ident
host all all localhost trust
Remember to reload after saving changes to pg_hba.conf. (Restart is not necessary.) The manual:
The pg_hba.conf file is read on start-up and when the main server
process receives a SIGHUP signal. If you edit the file on an active
system, you will need to signal the postmaster (using pg_ctl reload,
calling the SQL function pg_reload_conf(), or using kill -HUP) to
make it re-read the file.
If you really "add" the lines like you wrote, there should not be any effect at all. But if you replace the lines, there is.
In the first case, you get trust authentication method, which is an open-door policy. The manual:
PostgreSQL assumes that anyone who can connect to the server is
authorized to access the database with whatever database user name
they specify (even superuser names)
But in the second case you get the ident authentication method, which has to be set up properly to work.
Plus, as Cas pointed out later, localhost covers both IPv4 and IPv6, while 127.0.0.1/32 only applies to IPv4.
If you are actually using the outdated version 8.4, go to the old manual for 8.4. You are aware that 8.4 has reached EOL in 2014 and is not supported any more? Consider upgrading to a current version.
In Postgres 9.1 or later you would rather use peer than ident.
More:
Run batch file with psql command without password
The Problem
Postgres will potentially use IPv6 when -h localhost is specified, and since the above pg_hba.conf specifies ident for IPv6, a password prompt will be returned.
However when -h 127.0.0.1 is specified, it forces Postgres to use IPv4, which is set to trust in above config and allows access without password.
The Answer
Thus the answer is to modify the IPv6 host line in pg_hba.conf to use trust:
# IPv6 local connections:
host all all ::1/128 trust
Remember to restart the Postgres service after making config changes.
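The first-match rule quoted from the manual above, and the effect of the trust records discussed in the first answer on this page, can be checked mechanically. The Python below is an added example, not code from any of the posts; it assumes only `local` and CIDR-style `host` records with literal names or `all`, and its function names are hypothetical.

```python
import ipaddress

# Constructed sample: the records quoted in the "localhost vs 127.0.0.1" question.
SAMPLE_HBA = """\
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local all all trust
local all all ident
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
host all all ::1/128 ident
"""

def parse_hba(text):
    """Parse 'local' and CIDR-style 'host' records; comments and blanks are skipped."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local":
            net, method = None, f[3]
        else:
            net, method = ipaddress.ip_network(f[3]), f[4]
        records.append({"line": lineno, "type": f[0], "db": f[1].split(","),
                        "user": f[2].split(","), "net": net, "method": method})
    return records

def first_match(records, ctype, database, user, client_ip=None):
    """Return the first record that matches; later records are never consulted."""
    for r in records:
        if r["type"] != ctype:
            continue
        names_ok = (("all" in r["db"] or database in r["db"])
                    and ("all" in r["user"] or user in r["user"]))
        addr_ok = r["net"] is None or ipaddress.ip_address(client_ip) in r["net"]
        if names_ok and addr_ok:
            return r
    return None  # no matching record: the server denies access

def unreachable(records):
    """Line numbers of records shadowed by an earlier record with the same selector."""
    seen, dead = set(), []
    for r in records:
        key = (r["type"], tuple(r["db"]), tuple(r["user"]), r["net"])
        if key in seen:
            dead.append(r["line"])
        seen.add(key)
    return dead
```

Run against the sample, a connection from 127.0.0.1 resolves to the trust record, one from ::1 resolves to ident, and the second record of each duplicated pair is reported as unreachable.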

Null password failing login for postgres 9.3 windows

I changed the postgres password to NULL for the user postgres on my local machine, using the following command in the SQL window:
ALTER ROLE postgres WITH PASSWORD NULL;
Now I cannot log back in, as it is asking for a password and not accepting anything. I can't run the SQL query to change the password as I am not logged in now. Can I do something from the Windows command prompt to change the password back?
You can edit the pg_hba.conf file to enable the trust (no password) auth-method for localhost. Details here: http://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
Adding
host all all 127.0.0.1/32 trust
to the start of the pg_hba.conf file will enable no-password login from 127.0.0.1/32 (localhost)
First go to the pg_hba.conf file and open it in any editor (notepad or notepad++).
Location of pg_hba.conf is mainly
C:\Program Files\PostgreSQL\9.3\data
Change the method from md5 to trust
#TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
Instead of
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
then save it.
Run Command Prompt as administrator and go to the
C:\Program Files\PostgreSQL\9.3\bin
directory through cmd.
Run reload postgres service command
pg_ctl.exe reload -D "C:\Program Files\PostgreSQL\9.3\data"
Go to PgAdmin and connect to the localhost database without using a password
Go to the properties
Change the password in Definition tab
Then change the method from trust back to md5.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
Run the reload postgres service command again
pg_ctl.exe reload -D "C:\Program Files\PostgreSQL\9.3\data"

I need to connect to sql server which i present in location such as 192.168.1.1 from my localhost

I need to connect to an SQL server which is present at a location such as 192.168.1.1 from my localhost. I was able to connect to the above server in MySQL Workbench using SSH tunneling. Can anyone help me with how to do it in Grails?
Same way... Set up the tunnel as before and point grails to it:
// Configure SSH and SCP by adding properties to grails-app/conf/Config.groovy under the "remotessh" key:
// Option: set a global username to access ssh through to the remote host
// If you are going to define the user from the above commands then leave it with empty speech marks
remotessh.USER = "USER"
// The password: leave blank if you are about to use SSH keys, otherwise provide the password for ssh auth
remotessh.PASS=""
// The ssh key is your id_rsa or id_dsa - please note your tomcat will need access/permissions to the file/location
remotessh.KEY="/home/youruser/.ssh/id_rsa"
// If you use a key pass for your key connections then provide it below
remotessh.KEYPASS=""
// The ssh port to connect through; if not given will default to 56022
remotessh.PORT="56022" // the forwarded port
// Hostname will default to localhost