Windows postgresql password authentication failed for user

Authentication failures and related problems generally manifest themselves through error messages like the following:

FATAL:  no pg_hba.conf entry for host "123.123.123.123", user "andym", database "testdb"

This is what you are most likely to get if you succeed in contacting the server, but it does not want to talk to you. As the message suggests, the server refused the connection request because it found no matching entry in its pg_hba.conf configuration file.

FATAL:  password authentication failed for user "andym"

Messages like this indicate that you contacted the server, and it is willing to talk to you, but not until you pass the authorization method specified in the pg_hba.conf file. Check the password you are providing, or check your Kerberos or ident software if the complaint mentions one of those authentication types.

FATAL:  user "andym" does not exist

The indicated database user name was not found.

FATAL:  database "testdb" does not exist

The database you are trying to connect to does not exist. Note that if you do not specify a database name, it defaults to the database user name, which might or might not be the right thing.

Answer given is almost correct just missing some pointers which i’ll be taking care of in my solution

First make sure your user have a sudo access if not you can use the below command to add your user as sudo user :-

sudo adduser <username> sudo

The change will take effect the next time the user logs in.

i) Now go to sudo vim /etc/postgresql/<your_postgres_version>/main/pg_hba.conf file and look for line that says :

local   all             postgres                                md5 #peer

and comment that. Just below that line there must be a commented line that says:

local   all             postgres                                peer

or for older versions it’ll be :-

local   all         postgres                          ident

Uncomment that line.

ii) Now restart the postgres by using any of these commands :-

sudo /etc/init.d/postgresql restart

OR

sudo service postgresql restart

iii) Now you can simply log into postgres using the following command :

sudo -u postgres psql

iv) once you’re in you can create any operation you want to in my case i wanted to create a new database you can do the same using below command :

CREATE DATABASE airflow_replica;

On a new PostgreSQL server, the following error message was received, when a user tried to use psql:

$ psql -h 127.0.0.1 -U dbuser
Password for user dbuser: *****
psql: FATAL:  password authentication failed for user «dbuser»
FATAL:  password authentication failed for user «dbuser»

The logs showed the following entries:

[11834] dbuser@dbuser FATAL:  password authentication failed for user «dbuser»
[11834] dbuser@dbuser DETAIL:  Password does not match for user «dbuser».
    Connection matched pg_hba.conf line 92: «host    all             all             127.0.0.1/32            md5»
[11835] dbuser@dbuser FATAL:  password authentication failed for user «dbuser»
[11835] dbuser@dbuser DETAIL:  Password does not match for user «dbuser».
    Connection matched pg_hba.conf line 92: «host    all             all             127.0.0.1/32            md5»

Verifying authentication configuration

Obviously the first question in such a situation is: Was the entered password correct? And in the special case of PostgreSQL a second question should always come into mind: Is there a correct configuration in pg_hba.conf for the attempted authentication?

The authentication obviously correctly matched a line in pg_hba.conf, as could also be seen in the log file:

# grep 127.0.0.1 /etc/postgresql/9.6/main/pg_hba.conf
host    all             all             127.0.0.1/32            md5

After it was verified that the entered password was actually correct, the creation of the SQL user was once more analyzed. This turned out to be a manual user creation using an SQL query (old habits):

postgres=# CREATE USER dbuser WITH PASSWORD ‘mysecretpassword’;

Spotting the difference in user creation

When using the createuser command, a special parameter -e can be used. This will show the actual SQL queries sent to PostgreSQL:

postgres@pgserver:~$ createuser -P -E -e dbuser
Enter password for new role: *****
Enter it again: *****
SELECT pg_catalog.set_config(‘search_path’, », false)
CREATE ROLE dbuser ENCRYPTED PASSWORD ‘md5b3e88aa92b0943f1d2eed5cc618255e8’ NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;

A significant difference is the usage of «ENCRYPTED PASSWORD» vs. «WITH PASSWORD» from the manual SQL query. Would that mean that the md5 password encryption (as defined in pg_hba.conf) didn’t work because the password from the manual user creation (using SQL query) was understood as plain text?

This can be verified again, now that the user was created using createuser:

Indeed, the password authentication worked this time and the user is logged in!

Encrypted vs unencrypted passwords

The documentation of the createuser command shows that there are two different options available whether or not to use an encrypted password:

Particularly these keywords are described as:

It also says that if neither of these keywords was used, the system default would be applied. To check the current PostgreSQL setting whether or not to encrypt passwords by default, the following SQL query can be run:

postgres@pgserver:~$ psql -qAtc «SELECT name, setting FROM pg_settings WHERE name = ‘password_encryption'»
password_encryption|on

It can also be checked in the configuration file, in case the default should be changed:

root@pgserver:~# grep password_encryption /etc/postgresql/9.6/main/postgresql.conf
#password_encryption = on

TL;DR: Now it makes sense

The manual user creation using an SQL query did not contain either ENCRYPTED nor UNENCRYPTED keywords. This means that PostgreSQL automatically applied the default: ENCRYPTED. The given password («mysecretpassword») was therefore encrypted and stored in the database. Logins with exactly this plain password («mysecretpassword») would of course fail, because it does not match the encrypted stored value.

Although the manual user creation using an SQL query still works, the newer createuser command should be used primarily. This will avoid errors or mistakes from remembered SQL queries from earlier PostgreSQL versions. As mentioned, old habits.

Add a comment

Show form to leave a comment

Comments (newest first)

Mert from wrote on Jan 2nd, 2021:

Thank’s for clarification i was trying wrap my mind around this for whole evening. More people should be aware of subtle difference between authentication mechanisms, especially newcomers.

PostgreSQL returns password authentication failed for user although password is correct

Published on February 14th 2020 — Listed in PostgreSQL Database

On a new PostgreSQL server, the following error message was received, when a user tried to use psql :

$ psql -h 127.0.0.1 -U dbuser
Password for user dbuser: *****
psql: FATAL: password authentication failed for user «dbuser»
FATAL: password authentication failed for user «dbuser»

The logs showed the following entries:

[11834] dbuser@dbuser FATAL: password authentication failed for user «dbuser»
[11834] dbuser@dbuser DETAIL: Password does not match for user «dbuser».
Connection matched pg_hba.conf line 92: «host all all 127.0.0.1/32 md5»
[11835] dbuser@dbuser FATAL: password authentication failed for user «dbuser»
[11835] dbuser@dbuser DETAIL: Password does not match for user «dbuser».
Connection matched pg_hba.conf line 92: «host all all 127.0.0.1/32 md5»

Verifying authentication configuration

Obviously the first question in such a situation is: Was the entered password correct? And in the special case of PostgreSQL a second question should always come into mind: Is there a correct configuration in pg_hba.conf for the attempted authentication?

The authentication obviously correctly matched a line in pg_hba.conf, as could also be seen in the log file:

# grep 127.0.0.1 /etc/postgresql/9.6/main/pg_hba.conf
host all all 127.0.0.1/32 md5

After it was verified that the entered password was actually correct, the creation of the SQL user was once more analyzed. This turned out to be a manual user creation using an SQL query (old habits):

postgres=# CREATE USER dbuser WITH PASSWORD ‘mysecretpassword’;

Spotting the difference in user creation

When using the createuser command, a special parameter -e can be used. This will show the actual SQL queries sent to PostgreSQL:

$ createuser -P -E -e dbuser
Enter password for new role: *****
Enter it again: *****
SELECT pg_catalog.set_config(‘search_path’, », false)
CREATE ROLE dbuser ENCRYPTED PASSWORD ‘md5b3e88aa92b0943f1d2eed5cc618255e8’ NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;

A significant difference is the usage of «ENCRYPTED PASSWORD» vs. «WITH PASSWORD» from the manual SQL query. Would that mean that the md5 password encryption (as defined in pg_hba.conf) didn’t work because the password from the manual user creation (using SQL query) was understood as plain text?

This can be verified again, now that the user was created using createuser:

$ psql -h 127.0.0.1 -p 5432 -U dbuser
Password for user dbuser: *****
psql (9.6.16)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type «help» for help.

Indeed, the password authentication worked this time and the user is logged in!

Encrypted vs unencrypted passwords

The documentation of the createuser command shows that there are two different options available whether or not to use an encrypted password:

CREATE USER name [ [ WITH ] option [ . ] ]

where option can be:

SYSID uid
| CREATEDB | NOCREATEDB
| CREATEUSER | NOCREATEUSER
| IN GROUP groupname [, . ]
| [ ENCRYPTED | UNENCRYPTED ] PASSWORD ‘password’
| VALID UNTIL ‘abstime’

Particularly these keywords are described as:

These key words control whether the password is stored encrypted in the system catalogs. (If neither is specified, the default behavior is determined by the configuration parameter password_encryption.) If the presented password string is already in MD5-encrypted format, then it is stored encrypted as-is, regardless of whether ENCRYPTED or UNENCRYPTED is specified (since the system cannot decrypt the specified encrypted password string). This allows reloading of encrypted passwords during dump/restore.

It also says that if neither of these keywords was used, the system default would be applied. To check the current PostgreSQL setting whether or not to encrypt passwords by default, the following SQL query can be run:

$ psql -qAtc «SELECT name, setting FROM pg_settings WHERE name = ‘password_encryption’»
password_encryption|on

It can also be checked in the configuration file, in case the default should be changed:

# grep password_encryption /etc/postgresql/9.6/main/postgresql.conf
#password_encryption = on

TL;DR: Now it makes sense

The manual user creation using an SQL query did not contain either ENCRYPTED nor UNENCRYPTED keywords. This means that PostgreSQL automatically applied the default: ENCRYPTED. The given password («mysecretpassword») was therefore encrypted and stored in the database. Logins with exactly this plain password («mysecretpassword») would of course fail, because it does not match the encrypted stored value.

Although the manual user creation using an SQL query still works, the newer createuser command should be used primarily. This will avoid errors or mistakes from remembered SQL queries from earlier PostgreSQL versions. As mentioned, old habits.

Mert from wrote on Jan 2nd, 2021:

Thank’s for clarification i was trying wrap my mind around this for whole evening. More people should be aware of subtle difference between authentication mechanisms, especially newcomers.

Blog Tags:

© 2008 — 2022 by Claudio Kuenzler. Powered by .

Источник

Postgresql role is blocked due to fail authentication attempts

Authentication failures and related problems generally manifest themselves through error messages like the following:

This is what you are most likely to get if you succeed in contacting the server, but it does not want to talk to you. As the message suggests, the server refused the connection request because it found no matching entry in its pg_hba.conf configuration file.

Messages like this indicate that you contacted the server, and it is willing to talk to you, but not until you pass the authorization method specified in the pg_hba.conf file. Check the password you are providing, or check your Kerberos or ident software if the complaint mentions one of those authentication types.

The indicated database user name was not found.

The database you are trying to connect to does not exist. Note that if you do not specify a database name, it defaults to the database user name, which might or might not be the right thing.

The server log might contain more information about an authentication failure than is reported to the client. If you are confused about the reason for a failure, check the server log.

Submit correction

If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.

Copyright © 1996-2022 The PostgreSQL Global Development Group

Источник

Postgresql: ошибка аутентификации пароля для пользователя » postgres»

Я установил PostgreSQL 8.4, Postgres client и Pgadmin 3. Не удалось выполнить проверку подлинности для пользователя «postgres» как для консольного клиента, так и для Pgadmin. Я ввел пользователя как » postgres «и пароль» postgres», потому что он работал раньше. Но теперь аутентификация не удалась. Я делал это раньше пару раз без этой проблемы. Что же мне делать? И что же происходит?

12 ответов:

если я правильно помню нет DB пароль установлен на Ubuntu по умолчанию. Это значит, что вы можете войти в эту учетную запись только с помощью postgres пользователей ОС

ответ персонала правильный, но если вы хотите дополнительно автоматизировать может сделать:

$ sudo -u postgres psql -c «ALTER USER postgres PASSWORD ‘postgres’;»

готово! Вы сохранили User = postgres и password = postgres.

Если у вас нет пароля для пользователя postgres ubuntu do:

$ sudo passwd postgres

Это было неприятно, большинство из приведенных выше ответов верны, но они не упоминают, что вы должны перезапустить службу базы данных перед изменениями в pg_hba.файл conf вступит в силу.

Так что если вы делаете что-то вроде выше

затем перезагрузка как root ( на centos это что-то вроде сервиса Service postgresql-9.2 restart ) сейчас вы должны иметь доступ к БД как пользователь postgres

$psql psql (9.2.4) Введите «справка» для справки.

надеюсь, что это добавляет информацию для новых пользователей postgres

редактировать pg_hba.файл conf, например, с sudo emacs /etc/postgresql/9.3/main/pg_hba.conf

измените все методы аутентификации на trust . Измените пароль Unix для пользователя «postgres». Перезагрузите Сервер. Войдите с помощью psql -h localhost -U postgres и использовать только что установленный пароль Unix. Если это работает, вы можете повторно установить файл pg_hba.файл conf по умолчанию.

Если вы пытаетесь войти в оболочку postgres как пользователь postgres, то вы можете использовать следующие команды.

переключиться на пользователя postgres

надеюсь, что это поможет

старайтесь не использовать параметр-W и оставьте пароль пустым. Иногда пользователь создается без пароля.

если это не работает, сбросьте пароль. Есть несколько способов сделать это, но это работает на многих системах:

Как правило: ВЫ НИКОГДА НЕ ДОЛЖНЫ УСТАНАВЛИВАТЬ ПАРОЛЬ ДЛЯ ПОЛЬЗОВАТЕЛЯ POSTGRES.

Если вам нужен доступ суперпользователя от pgAdmin, сделайте другого суперпользователя. Таким образом, если учетные данные для этого суперпользователя скомпрометированы, вы всегда можете ssh в фактический хост базы данных и вручную удалить суперпользователя с помощью

Я просто хотел добавить, что вы также должны проверить, если ваш пароль истек.

вот некоторые комбинации, которые я пытался войти:

Источник

Postgresql: password authentication failed for user “postgres”

I have installed PostgreSQL 8.4, Postgres client and Pgadmin 3. Authentication failed for user «postgres» for both console client and Pgadmin. I have typed user as «postgres» and password «postgres», because it worked before. But now authentication is failed. I did it before a couple of times without this problem. What should I do? And what happens?

25 Answers 25

If I remember correctly the user postgres has no DB password set on Ubuntu by default. That means, that you can login to that account only by using the postgres OS user account.

Assuming, that you have root access on the box you can do:

If that fails with a database «postgres» does not exists error, then you are most likely not on a Ubuntu or Debian server 🙂 In this case simply add template1 to the command:

If any of those commands fail with an error psql: FATAL: password authentication failed for user «postgres» then check the file /etc/postgresql/8.4/main/pg_hba.conf : There must be a line like this as the first non-comment line:

For newer versions of PostgreSQL ident actually might be peer . That’s OK also.

Inside the psql shell you can give the DB user postgres a password:

You can leave the psql shell by typing Ctrl D or with the command q .

Now you should be able to give pgAdmin a valid password for the DB superuser and it will be happy too. 🙂

Источник

FATAL: password authentication / DETAIL: Role “” does not exist. #773

I have been looking for a workaround for 3 days now and it seems to be a fairly common issue that I can’t seem to fix for myself due to my lack of knowledge with docker/Postgres. I believe it has something to do with the volume not being able to write.

the errors I’ve been able to see are ;

FATAL: password authentication failed for user «app»
DETAIL: Role “app” does not exist. Connection matched pg_hba.conf line 95: “host all all all md5”

So I can see that the user is not being created for some reason. nor is the DB and at this point, I don’t even know how to change this pg_hba.conf file nor why it should be needed to be changed in the first place on an official docker image. I would assume that it would work right off the bat. I am constantly deleting the images and rebuilding them trying to make changes with no hope so far.

What am I missing and how can I fix this so I can actually do something with Postgres?

The text was updated successfully, but these errors were encountered:

If your app-db volume has files in it then the entrypoint script won’t initialize the database, what’s the log output of that container on startup?

If your app-db volume has files in it then the entrypoint script won’t initialize the database, what’s the log output of that container on startup?

well, I’m not too sure, but I have been completely deleting all the images using docker system prune -a and trying to rebuild only to get the same errors, the container will show what’s below, otherwise, is there a way to get better logs?

`PostgreSQL Database directory appears to contain a database; Skipping initialization

2020-10-16 14:40:32.119 UTC [1] LOG: starting PostgreSQL 13.0 (Debian 13.0-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit

2020-10-16 14:40:32.119 UTC [1] LOG: listening on IPv4 address «0.0.0.0», port 5432

2020-10-16 14:40:32.119 UTC [1] LOG: listening on IPv6 address «::», port 5432

2020-10-16 14:40:32.156 UTC [1] LOG: listening on Unix socket «/var/run/postgresql/.s.PGSQL.5432»

2020-10-16 14:40:32.174 UTC [26] LOG: database system was shut down at 2020-10-16 14:08:16 UTC

2020-10-16 14:40:32.221 UTC [1] LOG: database system is ready to accept connections

2020-10-16 14:40:36.071 UTC [35] FATAL: password authentication failed for user «app»

2020-10-16 14:40:36.071 UTC [35] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:40:39.954 UTC [37] FATAL: password authentication failed for user «app»

2020-10-16 14:40:39.954 UTC [37] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:40:43.570 UTC [39] FATAL: password authentication failed for user «app»

2020-10-16 14:40:43.570 UTC [39] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:40:47.118 UTC [41] FATAL: password authentication failed for user «app»

2020-10-16 14:40:47.118 UTC [41] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:40:51.009 UTC [43] FATAL: password authentication failed for user «app»

2020-10-16 14:40:51.009 UTC [43] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:40:55.794 UTC [46] FATAL: password authentication failed for user «app»

2020-10-16 14:40:55.794 UTC [46] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:41:02.159 UTC [48] FATAL: password authentication failed for user «app»

2020-10-16 14:41:02.159 UTC [48] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:41:11.681 UTC [50] FATAL: password authentication failed for user «app»

2020-10-16 14:41:11.681 UTC [50] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:41:27.519 UTC [53] FATAL: password authentication failed for user «app»

2020-10-16 14:41:27.519 UTC [53] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5»

2020-10-16 14:41:56.305 UTC [57] FATAL: password authentication failed for user «app»

2020-10-16 14:41:56.305 UTC [57] DETAIL: Role «app» does not exist.

Connection matched pg_hba.conf line 99: «host all all all md5″`

PostgreSQL Database directory appears to contain a database; Skipping initialization
It’s detecting files in /var/lib/postgresql/data from the app-db volume, and the entrypoint script won’t modify existing data so it skips.

docker system prune only removes unused volumes, containers, etc.
To do a complete pruning you’d want to remove anything currently in use (including stopped containers) with something like docker rm -f $(docker ps -aq) which will remove every container shown with docker ps -a and then docker system prune will delete them and all Docker named-volumes

To do a complete pruning you’d want to remove anything currently in use (including stopped containers) with something like docker rm -f $(docker ps -aq) which will remove every container shown with docker ps -a and then docker system prune will delete them and all Docker named-volumes

so I did docker rm -f $(docker ps -aq ) , followed by docker system prune then docker-compose build and up. and still, get the error. any idea as to why it wouldn’t have took. is there another reason that postgrsql would see another db.
`PostgreSQL Database directory appears to contain a database; Skipping initialization

2020-10-16 20:43:14.563 UTC [1] LOG: starting PostgreSQL 13.0 (Debian 13.0-1.pgdg100+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit

2020-10-16 20:43:14.582 UTC [1] LOG: listening on IPv4 address «0.0.0.0», port 5432

2020-10-16 20:43:14.582 UTC [1] LOG: listening on IPv6 address «::», port 5432

2020-10-16 20:43:14.603 UTC [1] LOG: listening on Unix socket «/var/run/postgresql/.s.PGSQL.5432»

2020-10-16 20:43:14.624 UTC [25] LOG: database system was shut down at 2020-10-16 20:34:10 UTC

2020-10-16 20:43:14.635 UTC [1] LOG: database system is ready to accept connections

2020-10-16 20:43:18.703 UTC [34] FATAL: password authentication failed for user «app»

2020-10-16 20:43:18.703 UTC [34] DETAIL: Role «app» does not exist.

Источник