3

This is the relevant part of my pg_hba.conf:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     ident
# IPv4 local connections:
host    all             all             127.0.0.1/32            ident
# IPv6 local connections:
host    all             all             ::1/128                 ident

The pidentd service is running.

When I try to log onto ee1 (I assume, the default user is postgres) :

psql ee1

It says "peer authentication failed for user postgres"

  1. Where have I configured peer authentication for "postgres" ? It's ident.

  2. When I change the following line in pg_hba.conf:

    local   all             all                                 ident

    to

    local   all             all                                 md5

    it asks me for a password, and I am able to log in. Why is it that making changes to the local connection type, have effect on postgres user?

Improve this question

2 Answers 2

Reset to default
3

ident authentication means that your OS user matches DB user. It is support only for TCP/IP connections as relevant entry in docs states. If used with Unix socket, Peer authentication method will be used instead.

Also, note, that default user is not postgres, but the one you're currently logged in with.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I am logged to my system with my own username, then why is it saying that "peer authentication failed for user 'postgres'"
3

local is a connection type used in the pg_hba.conf file, while localhost is the network address for local loopback and translates to the IPv4 address 127.0.0.1, or IPv6 ::1.
The manual on pg_hba.conf:

local

This record matches connection attempts using Unix-domain sockets. Without a record of this type, Unix-domain socket connections are disallowed.

host

This record matches connection attempts made using TCP/IP. host records match either SSL or non-SSL connection attempts.

Note: Remote TCP/IP connections will not be possible unless the server is started with an appropriate value for the listen_addresses configuration parameter, since the default behavior is to listen for TCP/IP connections only on the local loopback address localhost.

For the GUC¹ listen_addresses in postgresql.conf, localhost also serves as setting:
¹Grand Unified Configuration

The default value is localhost, which allows only local TCP/IP "loopback" connections to be made.

Bold emphasis mine.

Improve this answer

2 Comments

I specified md5 for the 'host' connection type (with loopback address).. and tried 'psql ee1' and it never asked me for a password, but when I specified md5 for the 'local' connection type, it started asking me for a password. Why is that ? How do I know whether I am using Unix sockets to access localhost or using TCP/IP to access localhost ?
@Daud: If you connect locally (for instance, with psql on the same machine) the settings for host in pg_hba.conf are ineffective and the settings for the local connection type are relevant. You are automatically using a Unix socket when you don't supply a network address in your connection (and therefore, connect locally).

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.