Re: expected authentication request from server, but received H

2024-05-27 Thread Adrian Klaver
On 5/27/24 14:19, Peter J. Holzer wrote: On 2024-05-23 17:23:14 -0400, Tom Lane wrote: "Peter J. Holzer" writes: One of our users reports getting the error message "expected authentication request from server, but received H" when trying to connect to the database. That

Re: expected authentication request from server, but received H

2024-05-27 Thread Peter J. Holzer
On 2024-05-23 17:23:14 -0400, Tom Lane wrote: > "Peter J. Holzer" writes: > > One of our users reports getting the error message > > "expected authentication request from server, but received H" > > when trying to connect to the database. > > That

Re: expected authentication request from server, but received H

2024-05-23 Thread Tom Lane
"Peter J. Holzer" writes: > One of our users reports getting the error message > "expected authentication request from server, but received H" > when trying to connect to the database. That's very bizarre, and I don't recall any similar reports in the re

expected authentication request from server, but received H

2024-05-23 Thread Peter J. Holzer
One of our users reports getting the error message "expected authentication request from server, but received H" when trying to connect to the database. I have confirmed that they do indeed connect to the database and not some other service and in Wireshark it looks like the TLS

Re: Peer authentication failed ???

2023-10-04 Thread Amn Ojee Uw
Yes! Thanks so much it worked! On 10/3/23 9:37 a.m., Peter J. Holzer wrote: On 2023-10-03 05:55:51 -0400, Amn Ojee Uw wrote: psql -U my_group_worker -d my_group_db psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL:  Peer authentication

Re: Peer authentication failed ???

2023-10-03 Thread Peter J. Holzer
On 2023-10-03 05:55:51 -0400, Amn Ojee Uw wrote: > psql -U my_group_worker -d my_group_db > > psql: error: connection to server on socket > "/var/run/postgresql/.s.PGSQL.5432" > failed: FATAL:  Peer authentication failed for user "my_group_worker" > > **

Re: Peer authentication failed ???

2023-10-03 Thread David G. Johnston
On Tuesday, October 3, 2023, Amn Ojee Uw wrote: > > Using the 'sudo -u postgres psql' command > > *psql -U my_group_worker -d my_group_db* > > *psql: error: connection to server on socket > "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authenti

Peer authentication failed ???

2023-10-03 Thread Amn Ojee Uw
esql/.s.PGSQL.5432" failed: FATAL:  Peer authentication failed for user "my_group_worker/*"* *** What am I doing wrong? Thanks in advance.

Re: LDAP Authentication

2023-08-25 Thread Dominique Devienne
ctive-directory-postgresql-gssapi-kerberos-authentication Thanks. We'll study that. The "pass-the-password" LDAP-based auth method is just about exclusively > used for 3rd-party non-Kerberos-speaking services. When you have the > option to use Kerberos, you absolutely should. >

Re: LDAP Authentication

2023-08-25 Thread Stephen Frost
> > 2- Assign role or roles to the user x > > > 3- Update pg_hba.conf with the ldap connection link. > > > > > > You might need cert for the ldap to connect to AD, assuming you are > > using AD. > > > > If you're using AD, you should *really* be

Re: LDAP Authentication

2023-08-25 Thread Dominique Devienne
Update pg_hba.conf with the ldap connection link. > > > > You might need cert for the ldap to connect to AD, assuming you are > using AD. > > If you're using AD, you should *really* be using Kerberos/gssapi for > your authentication and *not* LDAP. LDAP is insecure as it invol

Re: LDAP Authentication

2023-08-24 Thread Stephen Frost
p to connect to AD, assuming you are using AD. If you're using AD, you should *really* be using Kerberos/gssapi for your authentication and *not* LDAP. LDAP is insecure as it involves passing around the user's credentials which is extremely bad practice and is strongly discouraged. LDAP auth

Re: LDAP Authentication

2023-08-21 Thread Emile Amewoto
023, at 10:42, Roger Tannous wrote: > > Hello, > > In section 21.10 LDAP Authentication > <https://www.postgresql.org/docs/current/auth-ldap.html> of the > documentation, it says that the DB user must already exist in the database > before LDAP can be used for aut

LDAP Authentication

2023-08-21 Thread Roger Tannous
Hello, In section 21.10 LDAP Authentication <https://www.postgresql.org/docs/current/auth-ldap.html> of the documentation, it says that the DB *user must already exist in the database before LDAP can be used for authentication*. I'm checking the possibility to use LDAP Authenti

Query regarding certificate authentication in postgres

2023-08-09 Thread Ashok Patil
Hello Sir/Madam, I have one query regarding client/server authentication using certificate in postgres. I am able to establish client server connection with OpenSSL certificate creation. We can create server and root certificates using OpenSSL and keep them in data directory. We need to update

Need help setting up Windows authentication SSPI user mapping

2023-07-19 Thread Haidong Huang
Hi, I would like to get help with setting Windows authentication in a testing scenario. I use Windows 11. Windows connects to AAD and thus I use a windows account. The domain name is na, user name is hai. I also setup a local user account hailocal. My machine name is haisurface I have

SSPI authentication failed for user "xxx"

2023-05-28 Thread Albert Praveen
Hello, Following the upgrade from version 12.5 to 12.14, you have encountered an issue where the windows application fails to connect, and the log messages indicate the following: FATAL: SSPI authentication failed for user "xxx". DETAIL: Connection matched pg_hba.conf. The a

Re: can't get psql authentication against Active Directory working

2023-03-12 Thread Stephen Frost
> > On 20.02.23 15:17, Stephen Frost wrote: > > > > > > * Tomas Pospisek (t...@sourcepole.ch) wrote: > >> > > > That [SSPI] document says: > > > > > > "SSPI authentication only works when both server and client are running > > >

Re: can't get psql authentication against Active Directory working

2023-03-10 Thread Tomas Pospisek
That [SSPI] document says: "SSPI authentication only works when both server and client are running Windows, or, on non-Windows platforms, when GSSAPI is available." I interpret that phrase like this: * there's a case where both server and client are running Windows (doesn't app

Re: can't get psql authentication against Active Directory working

2023-02-24 Thread Stephen Frost
ike you're trying to do a bit more than that as you're using > > > > GSSAPI (not SSPI, which would be the more typical method on Windows..) > > > > and you're asking for an encrypted connection. Is there a reason you're > > > > going down this parti

Re: can't get psql authentication against Active Directory working

2023-02-24 Thread Tomas Pospisek
te..? The reason I'm using the GSSAPI is it's the only documented way to do authentication from psql.exe against Active Directory that was able to find. I mean ... https://www.postgresql.org/docs/current/sspi-auth.html Where should the settings that are discussed in that document

Re: can't get psql authentication against Active Directory working

2023-02-21 Thread Stephen Frost
r route..? > > The reason I'm using the GSSAPI is it's the only documented way to do > authentication from psql.exe against Active Directory that was able to find. I mean ... https://www.postgresql.org/docs/current/sspi-auth.html > Even now I am unable to find *any*

Re: can't get psql authentication against Active Directory working

2023-02-21 Thread Tomas Pospisek
hat as you're using GSSAPI (not SSPI, which would be the more typical method on Windows..) and you're asking for an encrypted connection. Is there a reason you're going down this particular route..? The reason I'm using the GSSAPI is it's the only documented way to do

Re: can't get psql authentication against Active Directory working

2023-02-20 Thread Stephen Frost
method on Windows..) and you're asking for an encrypted connection. Is there a reason you're going down this particular route..? > psql (Linux) -> postgres (Linux) with authentication against Active > Directory does work. That's good. One thing to know about Linux vs. Wi

Re: can't get psql authentication against Active Directory working

2023-02-18 Thread Tomas Pospisek
On 18.02.23 17:16, Erik Wienhold wrote: On 18/02/2023 15:02 CET Tomas Pospisek wrote: so I'm trying to authenticate psql (on Windows) -> postgres (on Linux) via Active Directory. psql (Linux) -> postgres (Linux) with authentication against Active Directory does work. However th

Re: can't get psql authentication against Active Directory working

2023-02-18 Thread Erik Wienhold
> On 18/02/2023 15:02 CET Tomas Pospisek wrote: > > so I'm trying to authenticate psql (on Windows) -> postgres (on Linux) > via Active Directory. > > psql (Linux) -> postgres (Linux) with authentication against Active > Directory does work. > > However the

can't get psql authentication against Active Directory working

2023-02-18 Thread Tomas Pospisek
Hello all, so I'm trying to authenticate psql (on Windows) -> postgres (on Linux) via Active Directory. psql (Linux) -> postgres (Linux) with authentication against Active Directory does work. However the same with psql.exe on Windows does not. I get: D:\>C:\OSGeo4

Re: pgBackrest Error : authentication method 10 not supported

2023-02-02 Thread Magnus Hagander
han >> wherever you installed your postgres from, and therefor it's using those >> libraries. Perhaps backrest is using the actual default operating system >> install, and your postgres is a non-standard one? >> >> //Magnus >> >> >>> >>

Re: pgBackrest Error : authentication method 10 not supported

2023-02-02 Thread Daulat
s using those > libraries. Perhaps backrest is using the actual default operating system > install, and your postgres is a non-standard one? > > //Magnus > > >> >> On Tue, Jan 31, 2023 at 7:32 PM Magnus Hagander >> wrote: >> >>> >>> >>> O

Re: pgBackrest Error : authentication method 10 not supported

2023-02-02 Thread Magnus Hagander
gnus Hagander > wrote: > >> >> >> On Tue, Jan 31, 2023 at 2:58 PM Daulat wrote: >> >>> Hello, >>> >>> I am getting an error message " authentication method 10 not supported" >>> while trying to create stanza on postgres14 a

Re: pgBackrest Error : authentication method 10 not supported

2023-02-01 Thread Daulat
Tue, Jan 31, 2023 at 7:32 PM Magnus Hagander wrote: > > > On Tue, Jan 31, 2023 at 2:58 PM Daulat wrote: > >> Hello, >> >> I am getting an error message " authentication method 10 not supported" >> while trying to create stanza on postgres14 after up

Re: pgBackrest Error : authentication method 10 not supported

2023-01-31 Thread Magnus Hagander
On Tue, Jan 31, 2023 at 2:58 PM Daulat wrote: > Hello, > > I am getting an error message " authentication method 10 not supported" > while trying to create stanza on postgres14 after upgrading postgres from > v.10 to Postgres v.14. > > I am using pgbackrest versi

pgBackrest Error : authentication method 10 not supported

2023-01-31 Thread Daulat
Hello, I am getting an error message " authentication method 10 not supported" while trying to create stanza on postgres14 after upgrading postgres from v.10 to Postgres v.14. I am using pgbackrest version: v.43 and the scram-sha-256 for hba authentication. pgbackrest.conf entry:

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-03 Thread Adrian Klaver
On 11/3/22 18:50, Bryn Llewellyn wrote: adrian.kla...@aklaver.com wrote: It isn't you where using pg_ctl and in the Debian/Ubuntu packaging the better option for that is pg_ctlcluster. I generally use the systemd scripts to start/stop Postgres instances, 

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-03 Thread Bryn Llewellyn
> adrian.kla...@aklaver.com wrote: > >> b...@yugabyte.com wrote: >> >> So only "postgres" can edit the files that must be so edited. > > That is not true [sudo vi some-file] which opens [it for editing]. By all means. I didn't bother to spell that out; > It isn't you where using pg_ctl an

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-03 Thread Peter J. Holzer
On 2022-11-03 15:37:07 -0700, Adrian Klaver wrote: > On 11/3/22 14:49, Bryn Llewellyn wrote: > > So only "postgres" can edit the files that must be so edited. > > That is not true: > > aklaver@arkansas:~$ whoami > aklaver > > > aklaver@arkansas:~$ sudo vi /etc/postgresql/14/main/pg_hba.conf > [

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-03 Thread Adrian Klaver
Apparently, an unwritten rule says that one must never end up so that "whoami" shows "postgres". I see that I can, then, always do, for example, this (from "parallels"): *sudo -u postgres vi pg_hba.conf* And, given that one major theme in our recent mutual, extended,

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-03 Thread Bryn Llewellyn
> david.g.johns...@gmail.com wrote: > > Some repetition of what Adrian just posted ahead... > >> b...@yugabyte.com wrote: >> >> How can it be that the PG doc itself leads you by the hand to a regime where >> you need to use undocumented features? > > The documentation tries to make clear that

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-03 Thread Bryn Llewellyn
21 Nov 1 15:48 /etc/postgresql/11/main/postgresql.conf -rw-r--r-- 1 postgres postgres 317 Nov 1 15:48 /etc/postgresql/11/main/start.conf So only "postgres" can edit the files that must be so edited. Apparently, an unwritten rule says that one must never end up so that "whoami"

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-02 Thread Rob Sargent
 "Additionally, while reading the next chapter, Server Setup and Operation, is recommended if you are using a binary package the setup and operational environment it creates is likely to be somewhat different than what is described in this documentation.  Please read the documentation for the

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-02 Thread David G. Johnston
On Wed, Nov 2, 2022 at 6:22 PM David G. Johnston wrote: > Some repetition of what Adrian just posted ahead... > > On Wed, Nov 2, 2022 at 3:31 PM Bryn Llewellyn wrote: > >> >> How can it be that the PG doc itself leads you by the hand to a regime >> where you need to use undocumented features? >>

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-02 Thread David G. Johnston
Some repetition of what Adrian just posted ahead... On Wed, Nov 2, 2022 at 3:31 PM Bryn Llewellyn wrote: > > I did exactly that. And I selected "Linux" and under that "Ubuntu". Notice > that I did NOT select "Debian", though it was on offer, because that's not > what I have. If Ubuntu and Debian

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-02 Thread Adrian Klaver
On 11/2/22 15:31, Bryn Llewellyn wrote: david.g.johns...@gmail.com EARLIER wrote: A strange mutual misunderstanding has arisen here. I suppose that it must be my fault. I have no interest whatsoever in "going down to first principles". And I most certainl

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-02 Thread Bryn Llewellyn
> david.g.johns...@gmail.com EARLIER wrote: > > The postgres o/s user should be able to login using peer. It is a one-way > idea though. Wanting to login using peer says nothing about whether the user > getting that capability should be allowed to mess with the running server in > the operating

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-01 Thread Adrian Klaver
On 11/1/22 13:20, Bryn Llewellyn wrote: david.g.johns...@gmail.com wrote: I know that I've been told off for allowing "sudo" for "postgres". I'm only experimenting on my laptop. But I want to be able to stop the server, delete the datafiles, create a

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-01 Thread David G. Johnston
On Tue, Nov 1, 2022 at 1:39 PM David G. Johnston wrote: > On Tue, Nov 1, 2022 at 1:20 PM Bryn Llewellyn wrote: > >> >> All this leads to an obvious question: >> >> *«* >> *Given that all of the config files have been made readable by "group" >> (in contrast to the regime for the data files), wha

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-01 Thread David G. Johnston
On Tue, Nov 1, 2022 at 1:20 PM Bryn Llewellyn wrote: > > About "opinionated package manager", I created my installation by > following the steps described here: > > https://wiki.postgresql.org/wiki/Apt > > Yes, apt is opinionated. And of important note here - its opinions, and the supplemental w

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-01 Thread Bryn Llewellyn
> david.g.johns...@gmail.com wrote: > >> b...@yugabyte.com wrote: >> >> It would seem proper to put any user who you want to set up for "local", >> "peer" authentication into the "postgres" group > > Did you really mean to wr

Aw: Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-11-01 Thread Karsten Hilbert
> The client user should *never* read the PostgreSQL configuration files, so if > changing > the permissions (which you should *never* do) has an effect, you must be > doing something > very strange, like trying to start the database server with the wrong user. It smells of trying to *embed* Pos

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-10-31 Thread Laurenz Albe
"bare" Linux VM from file backup. > > Anyway, just to prove the point, I chmod'd my hba_file and my ident_file to > make them > readable by all. And the silly error message went away. > > However, that feels wrong to me. It would seem proper to put any user who you

Re: Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-10-31 Thread David G. Johnston
On Mon, Oct 31, 2022 at 10:03 PM Bryn Llewellyn wrote: > It would seem proper to put any user who you want to set up for "local", > "peer" authentication into the "postgres" group > Did you really mean to write that? The postgres o/s user should be abl

Putting the O/S user for "local" "peer" authentication in the "postgres" group vs chmod'ing the "pg*.conf" files to be readable by "all"

2022-10-31 Thread Bryn Llewellyn
installation as a dress rehearsal and simply redo it starting by restoring my "bare" Linux VM from file backup. Anyway, just to prove the point, I chmod'd my hba_file and my ident_file to make them readable by all. And the silly error message went away. However, that feels wrong

Re: CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-31 Thread Bryn Llewellyn
> david.g.johns...@gmail.com wrote: > >> b...@yugabyte.com wrote: >> >> This is what I see. I have Ubuntu 20.04 LTS VM using Parallels Desktop >> Version 18. >> >> # adduser 'dog$house' >> adduser: To avoid problems, the username should consist only of >> letters, digits, underscores, periods,

Re: CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-31 Thread David G. Johnston
On Mon, Oct 31, 2022 at 8:19 PM Bryn Llewellyn wrote: > > This is what I see. I have Ubuntu 20.04 LTS VM using Parallels Desktop > Version 18. > > # adduser 'dog$house' > adduser: To avoid problems, the username should consist only of > letters, digits, underscores, periods, at signs and dashes,

Re: CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-31 Thread Bryn Llewellyn
hjp-pg...@hjp.at wrote: > >> b...@yugabyte.com wrote: >> >> However, Linux (at least) simply disallows O/S users that have a dollar sign >> in the name. > > This is getting quite off-topic, but that isn't true: > > trintignant:~ 22:46 :-) 1015# useradd -m -s /bin/bash 'mac$crooge' > trintignan

Re: CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-31 Thread Bryn Llewellyn
>>>> >>>> psql -d postgres -U 'clstr$mgr' >>>> >>>> calls for "local", "peer" authentication as so it does NOT require a >>>> password. That would be enough for me. But, naturally, and now that it's >

Re: CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-31 Thread Peter J. Holzer
On 2022-10-30 21:01:25 -0700, Bryn Llewellyn wrote: > However, Linux (at least) simply disallows O/S users that have a > dollar sign in the name. This is getting quite off-topic, but that isn't true: trintignant:~ 22:46 :-) 1015# useradd -m -s /bin/bash 'mac$crooge' trintignant:~ 22:46 :-) 1016#

Re: CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-31 Thread Adrian Klaver
On 10/31/22 10:31 AM, Bryn Llewellyn wrote: adrian.kla...@aklaver.com wrote: b...@yugabyte.com wrote: This, on the other hand: psql -d postgres -U 'clstr$mgr' calls for "local", "peer"

Re: CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-31 Thread Bryn Llewellyn
> adrian.kla...@aklaver.com wrote: > >> b...@yugabyte.com wrote: >> >> This, on the other hand: >> >> psql -d postgres -U 'clstr$mgr' >> >> calls for "local", "peer" authentication as so it does NOT require

Re: CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-31 Thread Adrian Klaver
lf some typing. This allows the possibility to set the password for the "postgres" cluster-role to NULL so that you MUST use the O/S prompt to start a session as this role. In other words, make it such that "local", "peer" authentication is the ONLY way to start a s

CASE CLOSED... Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-30 Thread Bryn Llewellyn
I'll call this O/S user "postgres", too, recognizing the common convention and to save myself some typing. This allows the possibility to set the password for the "postgres" cluster-role to NULL so that you MUST use the O/S prompt to start a session as this role. In other wor

Re: Unix users and groups... Was: "peer" authentication...

2022-10-30 Thread Bryn Llewellyn
> hjp-pg...@hjp.at wrote: > >> b...@yugabyte.com: >> >> For the purpose of the tests that follow, I set up the O/S users "bob" and >> "mary" so that "id bob mary postgres" shows this: >> >> id=1002(bob) gid=1001(postgres) groups=1001(postgres) >> uid=1003(mary) gid=1001(postgres) grou

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-30 Thread Adrian Klaver
On 10/30/22 09:16, Karsten Hilbert wrote: On Sat, Oct 29, 2022 at 09:15:08PM -0700, Adrian Klaver wrote: *# MAPNAME    SYSTEM-USERNAME   PG-USERNAME* *# ---    ---   ---   bllewell   mary              mary * As has been said numerous times, it is utte

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-30 Thread Karsten Hilbert
On Sat, Oct 29, 2022 at 09:15:08PM -0700, Adrian Klaver wrote: > >*# MAPNAME    SYSTEM-USERNAME   PG-USERNAME* > >*# ---    ---   --- > >   bllewell   mary              mary > >* > > > > > >As has been said numerous times, it is utterly pointless to define

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-30 Thread Karsten Hilbert
On Sat, Oct 29, 2022 at 08:20:50PM -0700, Bryn Llewellyn wrote: > For the purpose of the tests that follow, I set up the O/S users "bob" and > "mary" so that "id bob mary postgres" shows this: > > id=1002(bob) gid=1001(postgres) groups=1001(postgres) > uid=1003(mary) gid=1001(postgres)

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-30 Thread Peter J. Holzer
On 2022-10-29 20:20:50 -0700, Bryn Llewellyn wrote: > For the purpose of the tests that follow, I set up the O/S users "bob" and > "mary" so that "id bob mary postgres" shows this: > > id=1002(bob) gid=1001(postgres) groups=1001(postgres) > uid=1003(mary) gid=1001(postgres) groups=1001(p

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-30 Thread Peter J. Holzer
On 2022-10-29 20:20:50 -0700, Bryn Llewellyn wrote: > My problem stems from the fact that the goal statement that my inner > voice expresses seems so simple to state. This is what I want: > > 1. I want to do this at the O/S prompt on the machine where my PG cluster has > been started: "su mary". >

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-30 Thread Peter J. Holzer
On 2022-10-29 20:38:07 -0700, David G. Johnston wrote: > Next, I put an identity mapping in for "mary" in "pg_ident.conf" thus: > > # MAPNAME    SYSTEM-USERNAME   PG-USERNAME > # ---    ---   --- >   bllewell   mary              mary > > > As has been said

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-29 Thread Adrian Klaver
n I want to start a session (I use "psql" here as an example) like this: *"psql -d postgres"*. 3. Then, at the "psql" prompt, I want *"select session_user"* to show "bob". I seriously do not understand why in the world you want an authen

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-29 Thread David G. Johnston
le) like > this: *"psql -d postgres"*. > > 3. Then, at the "psql" prompt, I want *"select session_user"* to show > "bob". > I seriously do not understand why in the world you want an authentication system where you tell the server "my user name

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-29 Thread Bryn Llewellyn
t a session (I use "psql" here as an example) like this: "psql -d postgres". 3. Then, at the "psql" prompt, I want "select session_user" to show "bob". It would have seemed to me, knowing just that the goal is achievable, that I could express

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-29 Thread Adrian Klaver
On 10/28/22 17:23, Bryn Llewellyn wrote: Adrian, thank you for your reply to my « Seeking the correct term of art for the (unique) role that is usually called "postgres"... » thread here: It got me in without error. (And, as hoped for, there was no password challenge.) But "select current_ro

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-28 Thread David G. Johnston
On Fri, Oct 28, 2022 at 5:26 PM Bryn Llewellyn wrote: > > And I simply decided to follow its spirit with "bob" mapping to "alice", > thus: > > *# MAPNAME SYSTEM-USERNAME PG-USERNAME* > > > *...bllewellbob alice* > Here's my "pg_hba.conf": > > > *...* > >

Re: "peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-28 Thread Jeremy Smith
> > > > *sudo systemctl stop postgresql**sudo * > *systemctl start postgresql**pg_ctl reload -D /etc/postgresql/11/main/* > > (I know that I could've used "systemctl restart ".) Like I said elsewhere, > the "reload" seems to be superfluous. But it costs nothing to do it. > > Actually, you only n

"peer" authentication: cannot make "pg_ident.conf" work as I believe that the doc says that it should

2022-10-28 Thread Bryn Llewellyn
fa8-72af-701c-cf6f-5336a1a35...@aklaver.com> I'm starting a new thread because my question, now, has nothing to do with the role whose interim name was deemed to be best spelled "bootstrap super user" for the time being. This question is about "peer" authentication. I a

SV: GSSAPI authentication

2022-06-06 Thread Niels Jespersen
Thank you for your suggestion. I arrived at the same suspicion. And that was it. Reverse DNS was not set up correctly. From: Michael van der Kolff Sent: 6 June 2022 15:50 To: Niels Jespersen Cc: pgsql-general list Subject: Re: GSSAPI authentication From the tiny bit I know about this, and a

Re: GSSAPI authentication

2022-06-06 Thread Michael van der Kolff
3 PM Niels Jespersen wrote: >> >>> *From:* Michael van der Kolff >>> *Sent:* 6 June 2022 14:26 >>> *To:* Niels Jespersen >>> *Cc:* pgsql-general list >>> *Subject:* Re: GSSAPI authentication >>> >>> >>> >>

Re: GSSAPI authentication

2022-06-06 Thread Michael van der Kolff
olff >> *Sent:* 6 June 2022 14:26 >> *To:* Niels Jespersen >> *Cc:* pgsql-general list >> *Subject:* Re: GSSAPI authentication >> >> >> >> >This sounds like your PG service was unable to authenticate itself to AD. >> >> > >> >

Re: GSSAPI authentication

2022-06-06 Thread Michael van der Kolff
ell. --Michael On Mon, Jun 6, 2022 at 11:33 PM Niels Jespersen wrote: > *From:* Michael van der Kolff > *Sent:* 6 June 2022 14:26 > *To:* Niels Jespersen > *Cc:* pgsql-general list > *Subject:* Re: GSSAPI authentication > > > > >This sounds like your PG se

SV: GSSAPI authentication

2022-06-06 Thread Niels Jespersen
From: Michael van der Kolff Sent: 6 June 2022 14:26 To: Niels Jespersen Cc: pgsql-general list Subject: Re: GSSAPI authentication >This sounds like your PG service was unable to authenticate itself to AD. > >There's probably a trick to that somewhere - AD doesn't really want

Re: GSSAPI authentication

2022-06-06 Thread Michael van der Kolff
Looking closely at a configuration guide for MSSQL with Kerberos authentication, I see this part: https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-ver16#Manual. It looks like it might be adapted to

Re: GSSAPI authentication

2022-06-06 Thread Michael van der Kolff
ux host (Ubuntu 22.04) is joined to the domain. Logon to Linux works > fine, access to Windows cifs shares works fine authentication with > Kerberos. > > > > But psql won't connect using GSSAPI. It does hit the right pg_hba.conf > line and the username is translated via pg_i

GSSAPI authentication

2022-06-06 Thread Niels Jespersen
) is joined to the domain. Logon to Linux works fine, access to Windows cifs shares works fine authentication with Kerberos. But psql won't connect using GSSAPI. It does hit the right pg_hba.conf line and the username is translated via pg_ident.conf, just fine. But psql says psql:

Re: Why password authentication failed for user "postgres"?

2022-06-05 Thread David G. Johnston
postgresql user"), > but some kind of authorization, like md5, and use it with IP address. > This is simply wrong (though I suppose only in a corner case). You must connect via socket but peer authentication can still work. In particular, so long as the value specified for "-U

Re: Why password authentication failed for user "postgres"?

2022-06-05 Thread Frank Finner
On 2022-06-04 00:32, BeginnerC wrote: Hello everyone, I am a newbie to the postgres, when I use the psql to connect to the postgres, an error message printed: These command list like this: psql -U postgres Password for user postgres:postgres *postgreSQL: password authentication failed for user

Re: Why password authentication failed for user "postgres"?

2022-06-04 Thread Jeff Janes
> *postgreSQL: password authentication failed for user "postgres"* > > How to solve this problem? > Thanks in advance! > The password you type should not be showing up as you type it, which is what you appear to be showing above. Also, 'postgres' is a horrible password, y

Re: Why password authentication failed for user "postgres"?

2022-06-03 Thread Reid Thompson
> postgreSQL: password authentication failed for user "postgres" > > How to solve this problem? > Thanks in advance! this may work... switch user to postgres. $ sudo su - postgres login to postgres $ psql  reset the password for postgres postgres-# \password

Why password authentication failed for user "postgres"?

2022-06-03 Thread BeginnerC
Hello everyone, I am a newbie to the postgres, when I use the psql to connect to the postgres, an error message printed: These command list like this: psql -U postgres Password for user postgres:postgres *postgreSQL: password authentication failed for user "postgres"* * * How to

Re: Multiple LDAP Servers for ldap Authentication

2021-04-09 Thread Richard Yen
> > -Original Message- > From: Alvaro Herrera [mailto:alvhe...@2ndquadrant.com] > Sent: Thursday, December 20, 2018 3:25 PM > To: Kumar, Virendra > Cc: pgsql-general@lists.postgresql.org > Subject: Re: Multiple LDAP Servers for ldap Authentication > > On 2018-Dec-20, Kuma

Re: Enterprise Active Directory Authentication?

2021-03-24 Thread Laurenz Albe
On Wed, 2021-03-24 at 22:26 +, Hilbert, Karin wrote: > Is it possible to allow connections from [active directory] groups instead of > individual accounts & if so, > can you tell me how the config files would be changed to allow it? The authentication is no problem, but you n

Enterprise Active Directory Authentication?

2021-03-24 Thread Hilbert, Karin
I manage a PostgreSQL database cluster - PostgreSQL v12.4. Our database cluster is on a Linux VM, with OS: Flavor: redhat_7 Release: 3.10.0-1160.15.2.el7.x86_64 We have a repmgr cluster of 1 Primary & 2 Standby servers & use another server with PgBouncer to direct the connections to the curre

Re: how to troubleshoot: FATAL: canceling authentication due to timeout

2021-03-17 Thread Marc
f those users being locked out, the rest keep working fine) > > The errors are as follows: > LOG: pam_authenticate failed: Authentication failure > FATAL: canceling authentication due to timeout > > Our setup: > 3 nodes cluster > - Centos 7 > - Streaming replication in place

Re: how to troubleshoot: FATAL: canceling authentication due to timeout

2021-03-17 Thread Diego
restarted. (That user is being used by multiple instances of the same application, it also happens using dedicated users for each application, resulting in one of those users being locked out, the rest keep working fine) The errors are as follows: LOG: pam_authenticate failed: Authentication

how to troubleshoot: FATAL: canceling authentication due to timeout

2021-03-17 Thread Marc
happens using dedicated users for each application, resulting in one of those users being locked out, the rest keep working fine) The errors are as follows: LOG: pam_authenticate failed: Authentication failure FATAL: canceling authentication due to timeout Our setup: 3 nodes cluster - Centos 7

Re: How to debug authentication issues in Postgres

2020-12-01 Thread Hemil Ruparel
My password had ascii spaces in it which the jdbc implementation stripped as a part of normalization of scram passwords causing authentication failures. I have submitted a PR. Hope it gets merged. The fix was literally one character because of which I spent days chasing the bug lol On Sun, Nov 29

Re: How to debug authentication issues in Postgres

2020-11-29 Thread Daniele Varrazzo
IIRC you need libpq at least 10 to use password encryption other than md5. Maybe your java client uses an older version, or no libpq at all and the client library misses that feature? -- Daniele On Sat, 28 Nov 2020, 16:12 Hemil Ruparel, wrote: > I am unable to connect using Java in general. An

Re: How to debug authentication issues in Postgres

2020-11-28 Thread Hemil Ruparel
Thanks. I will On Sat, Nov 28, 2020 at 9:49 PM Adrian Klaver wrote: > On 11/28/20 8:11 AM, Hemil Ruparel wrote: > > I am unable to connect using Java in general. And DataGrip runs on Java > > as far as I know. My backend in python runs perfectly fine using the > > psycopg2 library (postgres driv

Re: How to debug authentication issues in Postgres

2020-11-28 Thread Adrian Klaver
On 11/28/20 8:11 AM, Hemil Ruparel wrote: I am unable to connect using Java in general. And DataGrip runs on Java as far as I know. My backend in python runs perfectly fine using the psycopg2 library (postgres driver for python). At this point I would file an issue here: https://github.com/pg

Re: How to debug authentication issues in Postgres

2020-11-28 Thread Hemil Ruparel
I am unable to connect using Java in general. And DataGrip runs on Java as far as I know. My backend in python runs perfectly fine using the psycopg2 library (postgres driver for python). I was actually changing the database name and user name On Sat, Nov 28, 2020 at 9:28 PM Adrian Klaver wrote:

Re: How to debug authentication issues in Postgres

2020-11-28 Thread Adrian Klaver
On 11/28/20 6:10 AM, Hemil Ruparel wrote: Line 88 is this line: host    database    user 0.0.0.0/0               scram-sha-256. I might have forgotten to change one of the names in the earlier mails. Change from what? This should just be a copy and paste or am I missing s
