'How to Force Postgresql User Login with Password
All I did is in my local machine(Mac OS).
After installing the postgresql, I created a user named poet with password, then created a database named poems and the database's owner is poet.
What I am curious is that I can log into poems with poet without password.
The command is psql -U poet -d poems
.
Then what's the usage of the password?
I know that I can add -W to get the password prompt psql -U poet -d poems -W
, but I can still log in even with a wrong password!
Then I modify the config file(/usr/local/var/postgres/pg_hba.conf) like below:
# "local" is for Unix domain socket connections only
#local all all trust
local all all password
# IPv4 local connections:
#host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 password
# IPv6 local connections:
#host all all ::1/128 trust
host all all ::1/128 password
And restart the server, I still don't need to provide the password to log into the database.
Can someone tell how to force the server to verify the correctness of login password?
Solution 1:[1]
This was happening to me as well. Non privileged accounts were able to login with invalid passwords. The steps I took to resolve it were.
Find the right pg_hba.conf file.
$ psql -h 127.0.0.1 -U admin -W postgres
Password for user admin:
psql (9.6.5)
Type "help" for help.
openproject_dev=# SHOW hba_file ;
hba_file
-------------------------------------
/usr/local/var/postgres/pg_hba.conf
(1 row)
Edit the file to force password login ... Leave admin (superuser) as trust. I used md5 instead of password .. password worked as well.
# "local" is for Unix domain socket connections only
local all admin trust
local all all md5
# IPv4 local connections:
host all admin 127.0.0.1/32 trust
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all admin ::1/128 trust
host all all ::1/128 md5
Save pg_hba.conf file and restart the postgres server.
Solution 2:[2]
Maybe it will work for you to create the database's user and schema in PostgreSQL:
- Log into PostgreSQL from the
postgres
user
$ sudo -u postgres psql postgres
- Once in, create the user and database
CREATE ROLE myuser LOGIN PASSWORD 'mypass';
CREATE DATABASE mydatabase WITH OWNER = myuser;
- Log into PostgreSQL from the new user account
$ psql -h localhost -d mydatabase -U myuser -p <port>
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Keith John Hutchison |
Solution 2 | Adonis Gaitatzis |