Ident authentication failed

Started by Ted To, about 6 years ago, 11 messages, general
#1 Ted To
wintrymix@theo.to

Hi,

I'm trying to configure miniflux and am struggling to figure out how to
configure postgres for that purpose.  (The miniflux instructions are
very terse.)  Regardless of whether I run the command as the postgres
user or the miniflux user, I get similar errors.  I am running Centos 7
using the updated scl version of postgres (9.6.10).

With the following, the postgres user "miniflux" along with the password
are specified in /etc/miniflux.conf.

$ miniflux -c /etc/miniflux.conf -migrate
Current schema version: 0
Latest schema version: 26
Migrating to version: 1
[FATAL] [Migrate] pq: Ident authentication failed for user "miniflux"

I have no problems logging into postgres as the miniflux user using the
same password specified in /etc/miniflux.conf.

Running the same command without specifying the configuration file uses
the postgres user and also fails

$ miniflux -migrate
[INFO] The default value for DATABASE_URL is used
Current schema version: 0
Latest schema version: 26
Migrating to version: 1
[FATAL] [Migrate] pq: Ident authentication failed for user "postgres"

My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes

# TYPE  DATABASE        USER            ADDRESS                 METHOD

local   miniflux        miniflux                                trust
local   miniflux        postgres                                trust

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust

I'm at a complete loss.

Any suggestions?

Thanks,

Ted To

#2 Ron
ronljohnsonjr@gmail.com
In reply to: Ted To (#1)
Re: Ident authentication failed

You're only allowing "trust" authentication, not "ident" authentication.

--
Angular momentum makes the world go 'round.

#3 Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Ted To (#1)
Re: Ident authentication failed

On 3/26/20 12:29 PM, Ted To wrote:

> Hi,
>
> I'm trying to configure miniflux and am struggling to figure out how to
> configure postgres for that purpose.  (The miniflux instructions are
> very terse.)  Regardless of whether I run the command as the postgres
> user or the miniflux user, I get similar errors.  I am running Centos 7
> using the updated scl version of postgres (9.6.10).
>
> With the following, the postgres user "miniflux" along with the password
> are specified in /etc/miniflux.conf.
>
> $ miniflux -c /etc/miniflux.conf -migrate
> Current schema version: 0
> Latest schema version: 26
> Migrating to version: 1
> [FATAL] [Migrate] pq: Ident authentication failed for user "miniflux"
>
> I have no problems logging into postgres as the miniflux user using the
> same password specified in /etc/miniflux.conf.
>
> Running the same command without specifying the configuration file uses
> the postgres user and also fails
>
> $ miniflux -migrate
> [INFO] The default value for DATABASE_URL is used
> Current schema version: 0
> Latest schema version: 26
> Migrating to version: 1
> [FATAL] [Migrate] pq: Ident authentication failed for user "postgres"

Can you show the entire connection string used by miniflux?

Did you reload/restart the server after making the changes below?

> My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes
>
> # TYPE  DATABASE        USER            ADDRESS METHOD
>
> local   miniflux   miniflux      trust
> local   miniflux   postgres      trust
>
> # "local" is for Unix domain socket connections only
> local   all             all peer
> # IPv4 local connections:
> host    all             all             127.0.0.1/32 trust
>
> I'm at a complete loss.
>
> Any suggestions?
>
> Thanks,
>
> Ted To

--
Adrian Klaver
adrian.klaver@aklaver.com

#4 Ted To
ted@theo.to
In reply to: Ron (#2)
Re: Ident authentication failed

Thank you -- I added two lines to the hba file to allow for ident
authentication, restarted postgres and still the same errors.

#5 Ted To
ted@theo.to
In reply to: Adrian Klaver (#3)
Re: Ident authentication failed

On 3/26/20 3:35 PM, Adrian Klaver wrote:

> Can you show the entire connection string used by miniflux?

The miniflux command is binary so, no, not easily.

> Did you reload/restart the server after making the changes below?

Yes.

#6 Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Ted To (#4)
Re: Ident authentication failed

On 3/26/20 12:40 PM, Ted To wrote:

> Thank you -- I added two lines to the hba file to allow for ident
> authentication, restarted postgres and still the same errors.

Without knowing how the client is trying to connect to the server this
issue will be difficult to solve.

--
Adrian Klaver
adrian.klaver@aklaver.com

#7 Rob Sargent
robjsargent@gmail.com
In reply to: Ted To (#5)
Re: Ident authentication failed

On Mar 26, 2020, at 1:43 PM, Ted To <ted@theo.to> wrote:

> On 3/26/20 3:35 PM, Adrian Klaver wrote:
>
>> Can you show the entire connection string used by miniflux?
>
> The miniflux command is binary so, no, not easily.
>
>> Did you reload/restart the server after making the changes below?
>
> Yes.

Do you have psql client? Connect as postgres user?

#8 Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Ted To (#4)
Re: Ident authentication failed

On 3/26/20 12:40 PM, Ted To wrote:

> Thank you -- I added two lines to the hba file to allow for ident
> authentication, restarted postgres and still the same errors.

Alright from here:

https://miniflux.app/docs/configuration.html
The Golang Postgres client pq is being used and:

"The default value for DATABASE_URL is user=postgres password=postgres
dbname=miniflux2 sslmode=disable."

From here:

https://godoc.org/github.com/lib/pq#hdr-Connection_String_Parameters

"host - The host to connect to. Values that start with / are for unix
domain sockets. (default is localhost)"

So unless you have specified a host in the conf file you need to be
paying attention to the lines in pg_hba.conf that start with host.

Were the two lines you added above for host?

You can check what is happening on the server end by looking in the
Postgres logs. That will also show you the connection string.

Do you have more than one instance of Postgres on the machine?

--
Adrian Klaver
adrian.klaver@aklaver.com

#9 Christoph Moench-Tegeder
cmt@burggraben.net
In reply to: Ted To (#4)
Re: Ident authentication failed

## Ted To (ted@theo.to):

> Thank you -- I added two lines to the hba file to allow for ident
> authentication, restarted postgres and still the same errors.

You probably don't want "ident" authentication - that's the thing
with "identd" (see RfC 1413), which even 20 years ago was only used
in connection with IRC, but not really for "authentication".

You'd rather want "scram-sha-256" as the authentication method (hoping
that whatever-go-uses can do that - come on, we got that in version 10),
or (if that's not possible) "md5". See
https://www.postgresql.org/docs/12/auth-methods.html and
https://www.postgresql.org/docs/12/auth-pg-hba-conf.html .
Note that "password_encryption" has to match that authentication method
from pg_hba.conf, that's described in
https://www.postgresql.org/docs/12/auth-password.html .

Regards,
Christoph

--
Spare Space

#10 Ted To
ted@theo.to
In reply to: Adrian Klaver (#8)
Re: Ident authentication failed

Thanks for the many responses I've gotten!  What a useful and welcoming
community!

I finally managed to get it configured following:
https://github.com/miniflux/miniflux/issues/80#issuecomment-375996546

#11 Peter J. Holzer
hjp-pgsql@hjp.at
In reply to: Christoph Moench-Tegeder (#9)
Re: Ident authentication failed

On 2020-03-26 21:33:51 +0100, Christoph Moench-Tegeder wrote:

> ## Ted To (ted@theo.to):
>
>> Thank you -- I added two lines to the hba file to allow for ident
>> authentication, restarted postgres and still the same errors.
>
> You probably don't want "ident" authentication - that's the thing
> with "identd" (see RfC 1413),

Depends on the type of socket. For unix sockets it's the same as peer
authentication.

> which even 20 years ago was only used in connection with IRC, but not
> really for "authentication".

I don't think there are any linux distributions which install identd by
default any more, so it wouldn't work anyway.

> You'd rather want "scram-sha-256" as the authentication method (hoping
> that whatever-go-uses can do that - come on, we got that in version 10),
> or (if that's not possible) "md5".

Actually, for local connections I prefer "peer". I'm already
authenticated by the OS, no need for a (second) password.

I should add that you shouldn't use "trust" unless
* no connection from other hosts is allowed, and
* all users on this host should have full access anyway.
This is rarely the case.

hp

--
_ | Peter J. Holzer | Story must make more sense than reality.
|_|_) | |
| | | hjp@hjp.at | -- Charles Stross, "Creative writing
__/ | http://www.hjp.at/ | challenge!"
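
Added example, not part of any message in the thread: a small first-match resolver for pg_hba.conf that illustrates the point made in #8 (a pq client with no host set connects to localhost over TCP, so only `host` lines are consulted) and the `trust` caveat in #11. The sample file is constructed: its first four rules are the ones quoted in the thread, the `::1` ident rule is a hypothetical line, and only `local`/`host` rules with CIDR addresses are modelled; the lookups use the default DATABASE_URL values quoted in #8 (user=postgres, dbname=miniflux2).

```python
import ipaddress

# Constructed sample. The first four rules are the ones quoted in the thread;
# the ::1 "ident" rule is hypothetical and does not appear in the thread.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   miniflux  miniflux                 trust
local   miniflux  postgres                 trust
local   all       all                      peer
host    all       all       127.0.0.1/32   trust
host    all       all       ::1/128        ident
"""

def parse_hba(text):
    """Parse 'local' and 'host' rules in file order (CIDR addresses only)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if not f:
            continue
        if f[0] == "local" and len(f) >= 4:
            net, method = None, f[3]
        elif f[0] == "host" and len(f) >= 5:
            net, method = ipaddress.ip_network(f[3], strict=False), f[4]
        else:
            raise ValueError(f"line {lineno}: rule form not modelled here")
        rules.append({"line": lineno, "type": f[0], "db": f[1].split(","),
                      "user": f[2].split(","), "net": net, "method": method})
    return rules

def first_match(rules, db, user, client_ip=None):
    """Return the first rule that applies, as the server would pick it.
    client_ip=None models a Unix-socket connection, anything else TCP."""
    ip = ipaddress.ip_address(client_ip) if client_ip else None
    for r in rules:
        if (ip is None) != (r["type"] == "local"):
            continue                      # socket vs TCP rule mismatch
        if ip is not None and ip not in r["net"]:
            continue                      # also False across IPv4/IPv6
        db_ok = "all" in r["db"] or db in r["db"] or ("sameuser" in r["db"] and db == user)
        if db_ok and ("all" in r["user"] or user in r["user"]):
            return r
    return None

def trust_rules(rules):
    """Rules that admit any matching client without credentials."""
    return [r for r in rules if r["method"] == "trust"]

if __name__ == "__main__":
    rules = parse_hba(SAMPLE_HBA)
    for label, ip in [("unix socket", None), ("TCP 127.0.0.1", "127.0.0.1"), ("TCP ::1", "::1")]:
        r = first_match(rules, "miniflux2", "postgres", ip)
        print(f"{label:14} -> line {r['line']}, method {r['method']}")
    print("trust rules on lines:", [r["line"] for r in trust_rules(rules)])
```

The same database/user pair lands on three different methods depending on the transport, which is why edits to `local` lines have no effect on a client that connects over TCP.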