No pg_hba.conf entry for host localhost (was: Re: createused + createdb problems with passwords)
Hello,
Thank you - this morning I managed to create both a DB user and a DB.
However, I am still puzzled by this error that I am getting now:
[otis]$ psql MYDB
psql: FATAL: No pg_hba.conf entry for host localhost, user otis,
database MYDB
On the other hand, "psql -h 127.0.0.1 MYDB" works!
Here is the relevant data:
# pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't work)
host MYDB otis 127.0.0.1 255.255.255.0 md5
$ grep localhost /etc/hosts
127.0.0.1 localhost.localdomain localhost
$ hostname -i
MY.IP.IS.HERE (real, external IP, not 127....)
All I am trying to do is this:
- Don't allow external connections
(got firewall, too, but multiple layers of security shouldn't hurt)
- Require even the local client to use username/password
authentication with md5
Thanks,
Otis
--- "Nigel J. Andrews" <nandrews@investsystems.co.uk> wrote:Show quoted text
On Tue, 23 Mar 2004 ogjunk-pg@yahoo.com wrote:
Hello,
I have created PostgreSQL databases and users a number of times,
but
I'm having trouble with that on a new server with Postgresql 7.3.4.
I am trying to create a DB user (createuser) and a database itself
(createdb):bash-2.05b$ whoami
postgresbash-2.05b$ tail -5 ~postgres/data/pg_hba.conf
host all all MY.IP.IS.HERE 255.255.255.255 md5bash-2.05b$ createuser -h MY.IP.IS.HERE otis
Shall the new user be allowed to create databases? (y/n) n
Shall the new user be allowed to create more new users? (y/n) n
Password:
psql: FATAL: Password authentication failed for user "postgres"createuser: creation of user "otis" failed
-- Question: what password am I supposed to enter here?
-- I suppose it's the postgres user's _DB_ password - but how do Iknow
what it is? I didn't set it.
Well you need to connect as a user with create user priviledges, i.e.
a db
superuser, in order to create your new user. If there isn't such a
user you
know the password for you'll have to ask the dba to do it for you.If you are the dba then you must already know the postgres password.
If you
have forgotten the password temporarily change md5 to trust in the
pg_hba.conf
file, restart the server and change the superusers password to a new
one. Don't
forget to restart the server after changing the pg_hba.conf entry
back to md5.Alternatively, check that the localhost entry isn't already set to
trust and
just don't specify the server ip address for the commands. If it
isn't set to
trust already do the md5 --> trust --> md5 thing with that entry
instead of the
one above. (From the use of MY.IP.IS.HERE in your snippets I presume
you are
running these utilities on the same system as the server is running).bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev
Password:
psql: FATAL: Password authentication failed for user "postgres"createdb: database creation failed
-- Question: what password am I supposed to enter here?
Same as for createuser
Thank you,
Otis
Import Notes
Reply to msg id not found: Pine.LNX.4.21.0403240050110.7959-100000@ponder.fairway2k.co.uk
Hi,
I am not sure but have you tried adding to your pg_hosts.conf
the following form:
#local DATABASE USER METHOD [OPTION]
local MYDB otis md5
Cheers!
Dexter Tad-y
Show quoted text
On Wed, 2004-03-24 at 18:37, ogjunk-pg@yahoo.com wrote:
Hello,
Thank you - this morning I managed to create both a DB user and a DB.
However, I am still puzzled by this error that I am getting now:
[otis]$ psql MYDB
psql: FATAL: No pg_hba.conf entry for host localhost, user otis,
database MYDBOn the other hand, "psql -h 127.0.0.1 MYDB" works!
Here is the relevant data:
# pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't work)
host MYDB otis 127.0.0.1 255.255.255.0 md5$ grep localhost /etc/hosts
127.0.0.1 localhost.localdomain localhost$ hostname -i
MY.IP.IS.HERE (real, external IP, not 127....)All I am trying to do is this:
- Don't allow external connections
(got firewall, too, but multiple layers of security shouldn't hurt)
- Require even the local client to use username/password
authentication with md5Thanks,
Otis--- "Nigel J. Andrews" <nandrews@investsystems.co.uk> wrote:On Tue, 23 Mar 2004 ogjunk-pg@yahoo.com wrote:
Hello,
I have created PostgreSQL databases and users a number of times,
but
I'm having trouble with that on a new server with Postgresql 7.3.4.
I am trying to create a DB user (createuser) and a database itself
(createdb):bash-2.05b$ whoami
postgresbash-2.05b$ tail -5 ~postgres/data/pg_hba.conf
host all all MY.IP.IS.HERE 255.255.255.255 md5bash-2.05b$ createuser -h MY.IP.IS.HERE otis
Shall the new user be allowed to create databases? (y/n) n
Shall the new user be allowed to create more new users? (y/n) n
Password:
psql: FATAL: Password authentication failed for user "postgres"createuser: creation of user "otis" failed
-- Question: what password am I supposed to enter here?
-- I suppose it's the postgres user's _DB_ password - but how do Iknow
what it is? I didn't set it.
Well you need to connect as a user with create user priviledges, i.e.
a db
superuser, in order to create your new user. If there isn't such a
user you
know the password for you'll have to ask the dba to do it for you.If you are the dba then you must already know the postgres password.
If you
have forgotten the password temporarily change md5 to trust in the
pg_hba.conf
file, restart the server and change the superusers password to a new
one. Don't
forget to restart the server after changing the pg_hba.conf entry
back to md5.Alternatively, check that the localhost entry isn't already set to
trust and
just don't specify the server ip address for the commands. If it
isn't set to
trust already do the md5 --> trust --> md5 thing with that entry
instead of the
one above. (From the use of MY.IP.IS.HERE in your snippets I presume
you are
running these utilities on the same system as the server is running).bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev
Password:
psql: FATAL: Password authentication failed for user "postgres"createdb: database creation failed
-- Question: what password am I supposed to enter here?
Same as for createuser
Thank you,
Otis---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
Hi,
I am not sure but have you tried adding to your pg_hba.conf
the following form:
#local DATABASE USER METHOD [OPTION]
local MYDB otis md5
Cheers!
Dexter Tad-y
Show quoted text
On Wed, 2004-03-24 at 18:37, ogjunk-pg@yahoo.com wrote:
Hello,
Thank you - this morning I managed to create both a DB user and a DB.
However, I am still puzzled by this error that I am getting now:
[otis]$ psql MYDB
psql: FATAL: No pg_hba.conf entry for host localhost, user otis,
database MYDBOn the other hand, "psql -h 127.0.0.1 MYDB" works!
Here is the relevant data:
# pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't work)
host MYDB otis 127.0.0.1 255.255.255.0 md5$ grep localhost /etc/hosts
127.0.0.1 localhost.localdomain localhost$ hostname -i
MY.IP.IS.HERE (real, external IP, not 127....)All I am trying to do is this:
- Don't allow external connections
(got firewall, too, but multiple layers of security shouldn't hurt)
- Require even the local client to use username/password
authentication with md5Thanks,
Otis--- "Nigel J. Andrews" <nandrews@investsystems.co.uk> wrote:On Tue, 23 Mar 2004 ogjunk-pg@yahoo.com wrote:
Hello,
I have created PostgreSQL databases and users a number of times,
but
I'm having trouble with that on a new server with Postgresql 7.3.4.
I am trying to create a DB user (createuser) and a database itself
(createdb):bash-2.05b$ whoami
postgresbash-2.05b$ tail -5 ~postgres/data/pg_hba.conf
host all all MY.IP.IS.HERE 255.255.255.255 md5bash-2.05b$ createuser -h MY.IP.IS.HERE otis
Shall the new user be allowed to create databases? (y/n) n
Shall the new user be allowed to create more new users? (y/n) n
Password:
psql: FATAL: Password authentication failed for user "postgres"createuser: creation of user "otis" failed
-- Question: what password am I supposed to enter here?
-- I suppose it's the postgres user's _DB_ password - but how do Iknow
what it is? I didn't set it.
Well you need to connect as a user with create user priviledges, i.e.
a db
superuser, in order to create your new user. If there isn't such a
user you
know the password for you'll have to ask the dba to do it for you.If you are the dba then you must already know the postgres password.
If you
have forgotten the password temporarily change md5 to trust in the
pg_hba.conf
file, restart the server and change the superusers password to a new
one. Don't
forget to restart the server after changing the pg_hba.conf entry
back to md5.Alternatively, check that the localhost entry isn't already set to
trust and
just don't specify the server ip address for the commands. If it
isn't set to
trust already do the md5 --> trust --> md5 thing with that entry
instead of the
one above. (From the use of MY.IP.IS.HERE in your snippets I presume
you are
running these utilities on the same system as the server is running).bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev
Password:
psql: FATAL: Password authentication failed for user "postgres"createdb: database creation failed
-- Question: what password am I supposed to enter here?
Same as for createuser
Thank you,
Otis---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?
Hello,
Yes, I did add such an entry to pg_hba.conf:
local MYDB otis md5
However, how secure is that?
Is this considered secure?
I suppose that if a cracker has broken into the DB server, he can
always damage the DB by removing DB files, or he can steal them by
copying DB files, and does not need to connect to DB as a client.
But still.... is this considered secure?
Thanks,
Otis
--- Dexter Tad-y <dexterbt1@my.smart.com.ph> wrote:Show quoted text
Hi,
I am not sure but have you tried adding to your pg_hosts.conf
the following form:#local DATABASE USER METHOD [OPTION]
local MYDB otis md5Cheers!
Dexter Tad-y
On Wed, 2004-03-24 at 18:37, ogjunk-pg@yahoo.com wrote:
Hello,
Thank you - this morning I managed to create both a DB user and a
DB.
However, I am still puzzled by this error that I am getting now:
[otis]$ psql MYDB
psql: FATAL: No pg_hba.conf entry for host localhost, user otis,
database MYDBOn the other hand, "psql -h 127.0.0.1 MYDB" works!
Here is the relevant data:
# pg_hba.conf (entering 'localhost' instead of 127.0.0.1 doesn't
work)
host MYDB otis 127.0.0.1 255.255.255.0 md5
$ grep localhost /etc/hosts
127.0.0.1 localhost.localdomain localhost$ hostname -i
MY.IP.IS.HERE (real, external IP, not 127....)All I am trying to do is this:
- Don't allow external connections
(got firewall, too, but multiple layers of security shouldn'thurt)
- Require even the local client to use username/password
authentication with md5Thanks,
Otis--- "Nigel J. Andrews" <nandrews@investsystems.co.uk> wrote:On Tue, 23 Mar 2004 ogjunk-pg@yahoo.com wrote:
Hello,
I have created PostgreSQL databases and users a number of
times,
but
I'm having trouble with that on a new server with Postgresql
7.3.4.
I am trying to create a DB user (createuser) and a database
itself
(createdb):
bash-2.05b$ whoami
postgresbash-2.05b$ tail -5 ~postgres/data/pg_hba.conf
host all all MY.IP.IS.HERE 255.255.255.255 md5bash-2.05b$ createuser -h MY.IP.IS.HERE otis
Shall the new user be allowed to create databases? (y/n) n
Shall the new user be allowed to create more new users? (y/n) n
Password:
psql: FATAL: Password authentication failed for user"postgres"
createuser: creation of user "otis" failed
-- Question: what password am I supposed to enter here?
-- I suppose it's the postgres user's _DB_ password - but howdo I
know
what it is? I didn't set it.
Well you need to connect as a user with create user priviledges,
i.e.
a db
superuser, in order to create your new user. If there isn't sucha
user you
know the password for you'll have to ask the dba to do it foryou.
If you are the dba then you must already know the postgres
password.
If you
have forgotten the password temporarily change md5 to trust inthe
pg_hba.conf
file, restart the server and change the superusers password to anew
one. Don't
forget to restart the server after changing the pg_hba.conf entry
back to md5.Alternatively, check that the localhost entry isn't already set
to
trust and
just don't specify the server ip address for the commands. If it
isn't set to
trust already do the md5 --> trust --> md5 thing with that entry
instead of the
one above. (From the use of MY.IP.IS.HERE in your snippets Ipresume
you are
running these utilities on the same system as the server isrunning).
bash-2.05b$ createdb -h MY.IP.IS.HERE simpydev
Password:
psql: FATAL: Password authentication failed for user"postgres"
createdb: database creation failed
-- Question: what password am I supposed to enter here?
Same as for createuser
Thank you,
Otis---------------------------(end of
broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to
majordomo@postgresql.org
---------------------------(end of
broadcast)---------------------------
TIP 6: Have you searched our list archives?
El Mié 24 Mar 2004 10:25, ogjunk-pg@yahoo.com escribió:
Hello,
Yes, I did add such an entry to pg_hba.conf:
local MYDB otis md5
However, how secure is that?
Is this considered secure?I suppose that if a cracker has broken into the DB server, he can
always damage the DB by removing DB files, or he can steal them by
copying DB files, and does not need to connect to DB as a client.But still.... is this considered secure?
It will ask for a password, so I think it's secure. Another thing would be if
you had it as trusted.
--
11:29:01 up 15 days, 16:00, 4 users, load average: 0.24, 0.07, 0.06
-----------------------------------------------------------------
Martín Marqués | select 'mmarques' || '@' || 'unl.edu.ar'
Centro de Telematica | DBA, Programador, Administrador
Universidad Nacional
del Litoral
-----------------------------------------------------------------
El Mi� 24 Mar 2004 10:25, ogjunk-pg@yahoo.com escribi�:
But still.... is this considered secure?
Why would you think it's any less secure than your localhost (TCP)
entry?
It's fairly easy to configure a Unix-domain socket to be *more* secure
than TCP, because you can use file permissions to limit which other
users can even connect to it. A lot of paranoid admins use only Unix
socket connections and don't even enable the postmaster to listen on
TCP. I don't know of anyone who considers TCP more secure than local.
regards, tom lane