In testing subscriptions within postgresql, there came a realisation that spaces in passwords were not going to be digested properly. Thus with postgresql commands a role was edited ALTER ROLE deploy WITH PASSWORD '4rut9_qo38'; fictitious pwd
However, from that moment on, an application was responding with:
ActiveRecord::ConnectionNotEstablished
FATAL: password authentication failed for user "deploy"
Now the password is not defined in the application and
bundle exec rails c
Rails.application.credentials.config
{:telegram=>{:bot=>{:token=>"49202[...]
yields no password credential and, noteworthy, no secret_key_base.
pg_hba.conf remains in its default state with an added line for replication purposes
local all postgres md5
# TYPE DATABASE USER ADDRESS METHOD
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 10.935.0.18/32 md5
There was an attempt to set the connection via database.yml by adding the password line
development:
<<: *default
database: example_development
password: '4rut9_qo38'
The password in postgresql (v12) was reset to the previous value ALTER ROLE deploy WITH PASSWORD '4rut9 qo38';,
sudo service nginx restart, sudo service postgresql restart and touch tmp/restart.txt to relaunch the app, but to no avail:
ActiveRecord::ConnectionNotEstablished
FATAL: password authentication failed for user "deploy"
The real curiosity arises from a second app on the same server: it IS connecting appropriately, credentials.config has a secret_key_base and database.yml has no password inserted.
Further oddities: one can change the user password via postgresql, add the password to database.yml to the same value and the behaviours of both applications remains unaltered - thereby excluding issues with pg_hba.conf...
Clearly the first app is not well configured (both are rails 6.1.3).
How should the passwords be set in a failsafe manner, assuming that the password of the postgresql deploy user has to change, so that each of these applications runs as expected?
/home/deploy/example/.rbenv-vars needs to be checked; it contains the database connection password.
This can be reset, or given the replication case above, the postgresql role can be amended accordingly.
Related
PG 9.4
Centos 6.7
I successfully installed Postgres 9.4 on Centos. I am checking my authentication through pgAdmin. I can create new users etc with the Centos terminal.
However, after the user and passwords are created, I can't use them to access localhost on Postgres. I get the error: 'FATAL: Ident authentication failed for user "pguser"'
The weird thing is, I can login using my linux username and NO password. However, as soon as I create a new username and password, it doesn't work.
/var/lib/pgsql/9.4/data/pg_hba.conf file as in password authentication failed for user "postgres":
# Database administrative login by UNIX sockets
local all postgres ident
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
How do I set up a new superuser and password that will properly authenticate? (This user is going to be used to read/write to pg in a ruby on rails app)
Edit: the answer provided below works. You may have to restart your computer or find a good way to kill/restart pg, looks like sometimes the changes to the pg_hba.conf file don't take.
You need to configure your pg_hba.conf file to accept password as the METHOD to get in. If I am reading this correctly, you are attempting to log in to postgres locally with a user and password you configured. So you should configure pg_hba.conf as such:
# Database administrative login by UNIX sockets
local all postgres ident
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all password
After this is done, you should be able to log in locally with the username and password.
So I'm trying to start working on an existing RubyRails app, I've got RVM, Rails and PostgreSQL set up. I've tested rails server on a test app I made, I can connect to localhost:3000 just fine. When I copy over the existing app I'm trying to work on, cd to it and run rails server, localhost:3000 gives me
PG::ConnectionBad
fe_sendauth: no password supplied
I've looked for a few hours across Google and SO and can't find a proper solution. What I tried after a lot of reading was changing my pg_hba.conf file for postgres to have the following settings:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres md5
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
I saved these changes and restarted the terminal (to reload these changes), and I am getting the same error on localhost:3000, the PG:ConnectionBad error. Could anyone lend a hand? This is so frustrating.
In case it helps, I'm using Ruby 2.1.1 and Rails 4.1.0 and PostgreSQL 9.3 Thank you!
Restarting the terminal is not enough. You can restart Postgres with
service postgresql restart
Looks like there is no password specified for the database:
fe_sendauth: no password supplied
You can see how you specify username and password for your database here:
http://guides.rubyonrails.org/configuring.html#configuring-a-database
Getting:
An error has occurred:
Error connecting to the server: fe_sendauth: no password supplied
Settings in database.yml are the same as the app setup on other machines.
How can I set things up so that I don't need a password hardcoded?
I can view the db ok using PgAdmin-III.
I'd rather not have the password in database.yml as other machines using this app don't have/need it, so it seems likely to be something about my Pg install.
You need to change your change your pg_hba.conf. Here's an example of mine:
pg_hba.conf:
TYPE DATABASE USER ADDRESS METHOD
host all all 127.0.0.1/32 trust
host all PC 127.0.0.1/32 trust
host all all ::1/128 trust
Note that trust means that anyone on address (in this case localhost) can connect as the listed user (or in this case any user of their choice). This is really only suitable for development configurations with unimportant data. Do not use this in production.
#rodrigo-zurek was spot on; you have to change the pg_hba.conf. Just want to add this answer for the OSX users because the pg_hba.conf is located in a different place by default.
sudo su - postgres
vim /Library/PostgreSQL/<YOUR_VERSION>/data/pg_hba.conf
The default will have md5 in the column METHOD, but replace all of those with trust:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
Then, open up pgAdmin III inside your Applications/PostgreSQL 9.X, right click the database (e.g. PostgreSQL 9.4 (localhost)), and click Reload Configuration. After this, I was able to rake db:create.
No password supplied means you have set it up to require password authentication and no password is being supplied. Here is documentation for 9.0: http://www.postgresql.org/docs/9.0/static/auth-methods.html
Keep in mind that local auth was changed from "ident" to "peer" in 9.1 to avoid confusion. See the 9.1 docs at http://www.postgresql.org/docs/9.1/static/auth-methods.html
Also keep in mind that this is an ordered rule set with first match governing. Furthermore local and localhost are different. Local is for local UNIX domain socket connections, while host localhost would be for network connections to localhost. So it sounds like you have some troubleshooting to do but hopefully the docs should help.
#appveyor.yml
services: postgresql
test_script:
- SET PGUSER=postgres
- SET PGPASSWORD=Password12!
- PATH=C:\Program Files\PostgreSQL\9.6\bin\;%PATH%
I fear this may be a dumb question/easy fix, but have been stuck for a while. Would really appreciate any feedback you may have.
Both my development and production databases are Postgres. After pushing to Heroku, I was having issues with my scss files in my development environment. (Updates to the SCSS files were not reflected in my DEVELOPMENT environment, despite having the default config. settings. Not sure if this is an expected result from precompiling for the production env.)
After restarting my system, I can no longer connect to the Postgres database. I get the same error through the command line (rails s) and pgAdminIII, that says, "
could not connect to server: Connection refused (0x0000274D/10061) Is the
server running on host "127.0.0.1" and accepting TCP/IP connections on port
5432?
My files are configured as below, and fit the descriptions given in the other posts I found related to this issue. Also, I am able to access localhost:3000 with my SQLite3 projects.
Any feedback would be appreciated.
My postgresql.conf file
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*'
port = 5432
max_connections = 100
My pg_hba.conf file
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
I ended up doing a full uninstall, then configured the postgres service to use my local system account. Now I can connect to my postgres server without issue.
I have a PostgreSQL DB on a remote VPS server (CentOS 5) and I'd like to connect to have a Rails application connect to it from my local Mac laptop. On my laptop, I have the ActiveRecord PostgreSQL adapter installed -- postgres (0.7.9.2008.01.28).
I read in the PostgreSQL docs:
The password-based authentication methods are md5, crypt, and password. These methods operate similarly except for the way that the password is sent across the connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
[...]
If you are at all concerned about password "sniffing" attacks then md5 is preferred...Plain password should be avoided especially for connections over the open Internet (unless you use SSL, SSH, or another communications security wrapper around the connection).
In a standard Rails database.yml would have something like this for a localhost connection...
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
But there's nothing in there about the authentication method discussed in the PostgreSQL docs. Is there as option to have something like "auth_method: md5"?
Regardless of whether Postgres allows this functionality, you can enable a secure connection to a remote database by using SSH tunneling. Here's the gratuitous Stack Overflow paste-in from the Web docs:
First make sure that an SSH server is
running properly on the same machine
as the PostgreSQL server and that you
can log in using ssh as some user.
Then you can establish a secure tunnel
with a command like this from the
client machine:
ssh -L 3333:foo.com:5432 joe#foo.com
The first number in the -L argument,
3333, is the port number of your end
of the tunnel; it can be chosen
freely. The second number, 5432, is
the remote end of the tunnel: the port
number your server is using. The name
or IP address between the port numbers
is the host with the database server
you are going to connect to. In order
to connect to the database server
using this tunnel, you connect to port
3333 on the local machine:
psql -h localhost -p 3333 postgres To
the database server it will then look
as though you are really user
joe#foo.com and it will use whatever
authentication procedure was
configured for connections from this
user and host. Note that the server
will not think the connection is
SSL-encrypted, since in fact it is not
encrypted between the SSH server and
the PostgreSQL server. This should not
pose any extra security risk as long
as they are on the same machine.
In case you want more, you can find it online by searching for "SSL tunnel" or "postgres SSL tunnel". Here's the Postgres site where I got the above:
http://www.postgresql.org/docs/current/static/ssh-tunnels.html
To summarize for Rails, you would then do the following:
1) In a terminal window, run the first ssh command above to establish the tunnel.
2) Set your database props like so:
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
port: 3333
I had a look online and there doesn't seem to be an option for what you're looking for and in fact the client library, libpq doesn't mention this either.
My guess is that this is negotiated on your behalf within libpq. In any case, md5 is likely to be the default authentication method.
If you connect to a PostgreSQL server over insecure channel you need to encrypt your communication with SSL or (as runako has explained) SSH Tunneling.