Quick Links

Re: Postgres 9.1 client authentication for local, no password required?

From:	Guillaume Lelarge <guillaume(at)lelarge(dot)info>
To:	Wujek Srujek <wujek(dot)srujek(at)googlemail(dot)com>
Cc:	pgsql-admin(at)postgresql(dot)org
Subject:	Re: Postgres 9.1 client authentication for local, no password required?
Date:	2012-01-05 20:51:09
Message-ID:	1325796669.2290.2.camel@localhost.localdomain
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-admin

On Thu, 2012-01-05 at 20:56 +0100, Wujek Srujek wrote:
> Hi. I am using Postgres 9.1 on Ubuntu 11.10 64bit. I have a question about
> client authentication.
> After installing the server, and setting the postgres password to encrypted
> 'postgres', I made sure I can log in like that. Then, I edited the
> /etc/postgres/9.1/main/pg_hba.conf file to contain just this single like:
>
> local all all md5
>
> According to these sources:
> http://www.postgresql.org/docs/9.1/static/auth-pg-hba-conf.html
> http://www.postgresql.org/docs[...]uth-methods.html#AUTH-PASSWORD
>
> this means (at least that's how I understand it):
> 1. local - it allows only connections using unix domain sockets
> 2. first all - access to all databases
> 3. second all - for every user
> 4. md5 - requires providing a password for a login
>
> But now, I am trying to connect as a normal user:
>
> psql -d postgres -U postgres
>
> and it connects without ever asking for a password! (The password works
> fine when I force it with -W, so this part is ok.)
>
> If I add a line for TCP/IP connections (with 'host' at the beginning) it
> does ask for the password, so it looks like the behavior I am experiencing
> has something to do with domain socket, but I am not sure.
>
> The user that I installed Postgres with and tried logging in was the same,
> and it was in the admin group, so it had the sudoer privilage. I thought it
> had something to do with that, so I created another user, who wasn't a
> sudoer - and I had to give the password. But then, when I added the admin
> group to the user (which adds it to sudoers on my machine), I still had to
> specify the password (and sudo works fine), which would imply that it was a
> dead end.
>

My guess would be that you have a .pgpass file on your first user's home
directory, and not on the new one.

Sot, first, try to check if there is a $HOME/.pgpass file for your first
user.

--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com
PostgreSQL Sessions #3: http://www.postgresql-sessions.org

In response to

Postgres 9.1 client authentication for local, no password required? at 2012-01-05 19:56:18 from Wujek Srujek

Responses

Re: Postgres 9.1 client authentication for local, no password required? at 2012-01-05 21:00:37 from Wujek Srujek

Browse pgsql-admin by date

	From	Date	Subject
Next Message	Tripura	2012-01-05 20:58:19	Re: Drop Schema from Postgres
Previous Message	Wujek Srujek	2012-01-05 19:56:18	Postgres 9.1 client authentication for local, no password required?