On 9/10/24 16:21, Chris Miller wrote:
Hi Folks,
I am confused about authentication. I understand that in the local
connection case, I have choices of “peer”, and “md5” (password).
In pg_hba.conf, I have the lines:
local all all peer
local all all md5
I have an OS user “postgres”, and I can “su – postgres”, which brings me
to a shell and I can invoke psql successfully.
I believe that, as root, I should be able to “psql -U postgres -W” and
logon with a password. I can’t. When I try, I get:
psql: error: connection to server on socket
"/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication
failed for user "postgres"
Notice I am failing “peer” authentication. Seems to me that if I
explicitly ask for a password, “-W”, I should be using “md5” authentication.
First match wins loses in this case. The entries are processed top to
bottom the first the one matches in this case:
local all all peer
Per
https://www.postgresql.org/docs/16/auth-pg-hba-conf.html
"The first record with a matching connection type, client address,
requested database, and user name is used to perform authentication.
There is no “fall-through” or “backup”: if one record is chosen and the
authentication fails, subsequent records are not considered. If no
record matches, access is denied."
The -W is a no-op per:
https://www.postgresql.org/docs/16/app-psql.html
-W
--password
Force psql to prompt for a password before connecting to a
database, even if the password will not be used.
Can anybody straighten me out?
Thanks for the help,
--
Chris.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
