Can't authenticate user with postgresql on Linux Centos - ruby-on-rails

PG 9.4
Centos 6.7
I successfully installed Postgres 9.4 on Centos. I am checking my authentication through pgAdmin. I can create new users etc with the Centos terminal.
However, after the user and passwords are created, I can't use them to access localhost on Postgres. I get the error: 'FATAL: Ident authentication failed for user "pguser"'
The weird thing is, I can login using my linux username and NO password. However, as soon as I create a new username and password, it doesn't work.
/var/lib/pgsql/9.4/data/pg_hba.conf file as in password authentication failed for user "postgres":
# Database administrative login by UNIX sockets
local all postgres ident
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
How do I set up a new superuser and password that will properly authenticate? (This user is going to be used to read/write to pg in a ruby on rails app)
Edit: the answer provided below works. You may have to restart your computer or find a good way to kill/restart pg, looks like sometimes the changes to the pg_hba.conf file don't take.

You need to configure your pg_hba.conf file to accept password as the METHOD to get in. If I am reading this correctly, you are attempting to log in to postgres locally with a user and password you configured. So you should configure pg_hba.conf as such:
# Database administrative login by UNIX sockets
local all postgres ident
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all password
After this is done, you should be able to log in locally with the username and password.

Related

Recovering from postgresql password change in Rails application

In testing subscriptions within postgresql, there came a realisation that spaces in passwords were not going to be digested properly. Thus with postgresql commands a role was edited ALTER ROLE deploy WITH PASSWORD '4rut9_qo38'; fictitious pwd
However, from that moment on, an application was responding with:
ActiveRecord::ConnectionNotEstablished
FATAL: password authentication failed for user "deploy"
Now the password is not defined in the application and
bundle exec rails c
Rails.application.credentials.config
{:telegram=>{:bot=>{:token=>"49202[...]
yields no password credential and, noteworthy, no secret_key_base.
pg_hba.conf remains in its default state with an added line for replication purposes
local all postgres md5
# TYPE DATABASE USER ADDRESS METHOD
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 10.935.0.18/32 md5
There was an attempt to set the connection via database.yml by adding the password line
development:
<<: *default
database: example_development
password: '4rut9_qo38'
The password in postgresql (v12) was reset to the previous value ALTER ROLE deploy WITH PASSWORD '4rut9 qo38';,
sudo service nginx restart, sudo service postgresql restart and touch tmp/restart.txt to relaunch the app, but to no avail:
ActiveRecord::ConnectionNotEstablished
FATAL: password authentication failed for user "deploy"
The real curiosity arises from a second app on the same server: it IS connecting appropriately, credentials.config has a secret_key_base and database.yml has no password inserted.
Further oddities: one can change the user password via postgresql, add the password to database.yml to the same value and the behaviours of both applications remains unaltered - thereby excluding issues with pg_hba.conf...
Clearly the first app is not well configured (both are rails 6.1.3).
How should the passwords be set in a failsafe manner, assuming that the password of the postgresql deploy user has to change, so that each of these applications runs as expected?
/home/deploy/example/.rbenv-vars needs to be checked; it contains the database connection password.
This can be reset, or given the replication case above, the postgresql role can be amended accordingly.

PostgreSQL in Amazon EC2

I try to set up Amazon EC2 with Vagrant and Chef-zero. Chef contains only one receipt for the installation of Nginx, Ruby, PostgreSQL, that is those utilities that are necessary for a Ruby on Rails stack. For PostgreSQL installation I use this cookbook https://supermarket.chef.io/cookbooks/postgresql. It automatically adds “local all all peer” to the end of pg_hba.conf. If I run Chef on my local machine in VirtualBox, everything is OK. But if I run it on Amazon, PostgreSQL gives an error “invalid authentication method "peer”. What is the reason? Maybe, I should use Amazon RDS instead of running the Ruby stack and PostgreSQL on the same machine? Locally, I use Centos 7.2, but on Amazon EC2 - Amazon Linux AMI 2016.09.0.
/var/lib/pgsql/9.2/data/pg_hba.conf
# This file was automatically generated and dropped off by Chef!
# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file.
# TYPE DATABASE USER ADDRESS METHOD
###########
# Other authentication configurations taken from chef node defaults:
###########
local all postgres ident
local all all ident
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
# "local" is for Unix domain socket connections only
local all all peer
logfile:
LOG: invalid authentication method "peer"
CONTEXT: line 24 of configuration file "/var/lib/pgsql/9.2/data/pg_hba.conf"
FATAL: could not load pg_hba.conf

Setting up local development for Postgres Ruby-on-Rails App

So I'm trying to start working on an existing RubyRails app, I've got RVM, Rails and PostgreSQL set up. I've tested rails server on a test app I made, I can connect to localhost:3000 just fine. When I copy over the existing app I'm trying to work on, cd to it and run rails server, localhost:3000 gives me
PG::ConnectionBad
fe_sendauth: no password supplied
I've looked for a few hours across Google and SO and can't find a proper solution. What I tried after a lot of reading was changing my pg_hba.conf file for postgres to have the following settings:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres md5
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
I saved these changes and restarted the terminal (to reload these changes), and I am getting the same error on localhost:3000, the PG:ConnectionBad error. Could anyone lend a hand? This is so frustrating.
In case it helps, I'm using Ruby 2.1.1 and Rails 4.1.0 and PostgreSQL 9.3 Thank you!
Restarting the terminal is not enough. You can restart Postgres with
service postgresql restart
Looks like there is no password specified for the database:
fe_sendauth: no password supplied
You can see how you specify username and password for your database here:
http://guides.rubyonrails.org/configuring.html#configuring-a-database

Trying to set up postgres for ror app, getting error - fe_sendauth: no password supplied

Getting:
An error has occurred:
Error connecting to the server: fe_sendauth: no password supplied
Settings in database.yml are the same as the app setup on other machines.
How can I set things up so that I don't need a password hardcoded?
I can view the db ok using PgAdmin-III.
I'd rather not have the password in database.yml as other machines using this app don't have/need it, so it seems likely to be something about my Pg install.
You need to change your change your pg_hba.conf. Here's an example of mine:
pg_hba.conf:
TYPE DATABASE USER ADDRESS METHOD
host all all 127.0.0.1/32 trust
host all PC 127.0.0.1/32 trust
host all all ::1/128 trust
Note that trust means that anyone on address (in this case localhost) can connect as the listed user (or in this case any user of their choice). This is really only suitable for development configurations with unimportant data. Do not use this in production.
#rodrigo-zurek was spot on; you have to change the pg_hba.conf. Just want to add this answer for the OSX users because the pg_hba.conf is located in a different place by default.
sudo su - postgres
vim /Library/PostgreSQL/<YOUR_VERSION>/data/pg_hba.conf
The default will have md5 in the column METHOD, but replace all of those with trust:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
Then, open up pgAdmin III inside your Applications/PostgreSQL 9.X, right click the database (e.g. PostgreSQL 9.4 (localhost)), and click Reload Configuration. After this, I was able to rake db:create.
No password supplied means you have set it up to require password authentication and no password is being supplied. Here is documentation for 9.0: http://www.postgresql.org/docs/9.0/static/auth-methods.html
Keep in mind that local auth was changed from "ident" to "peer" in 9.1 to avoid confusion. See the 9.1 docs at http://www.postgresql.org/docs/9.1/static/auth-methods.html
Also keep in mind that this is an ordered rule set with first match governing. Furthermore local and localhost are different. Local is for local UNIX domain socket connections, while host localhost would be for network connections to localhost. So it sounds like you have some troubleshooting to do but hopefully the docs should help.
#appveyor.yml
services: postgresql
test_script:
- SET PGUSER=postgres
- SET PGPASSWORD=Password12!
- PATH=C:\Program Files\PostgreSQL\9.6\bin\;%PATH%

Can ActiveRecord connect to PostgreSQL remotely and protect the DB password?

I have a PostgreSQL DB on a remote VPS server (CentOS 5) and I'd like to connect to have a Rails application connect to it from my local Mac laptop. On my laptop, I have the ActiveRecord PostgreSQL adapter installed -- postgres (0.7.9.2008.01.28).
I read in the PostgreSQL docs:
The password-based authentication methods are md5, crypt, and password. These methods operate similarly except for the way that the password is sent across the connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
[...]
If you are at all concerned about password "sniffing" attacks then md5 is preferred...Plain password should be avoided especially for connections over the open Internet (unless you use SSL, SSH, or another communications security wrapper around the connection).
In a standard Rails database.yml would have something like this for a localhost connection...
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
But there's nothing in there about the authentication method discussed in the PostgreSQL docs. Is there as option to have something like "auth_method: md5"?
Regardless of whether Postgres allows this functionality, you can enable a secure connection to a remote database by using SSH tunneling. Here's the gratuitous Stack Overflow paste-in from the Web docs:
First make sure that an SSH server is
running properly on the same machine
as the PostgreSQL server and that you
can log in using ssh as some user.
Then you can establish a secure tunnel
with a command like this from the
client machine:
ssh -L 3333:foo.com:5432 joe#foo.com
The first number in the -L argument,
3333, is the port number of your end
of the tunnel; it can be chosen
freely. The second number, 5432, is
the remote end of the tunnel: the port
number your server is using. The name
or IP address between the port numbers
is the host with the database server
you are going to connect to. In order
to connect to the database server
using this tunnel, you connect to port
3333 on the local machine:
psql -h localhost -p 3333 postgres To
the database server it will then look
as though you are really user
joe#foo.com and it will use whatever
authentication procedure was
configured for connections from this
user and host. Note that the server
will not think the connection is
SSL-encrypted, since in fact it is not
encrypted between the SSH server and
the PostgreSQL server. This should not
pose any extra security risk as long
as they are on the same machine.
In case you want more, you can find it online by searching for "SSL tunnel" or "postgres SSL tunnel". Here's the Postgres site where I got the above:
http://www.postgresql.org/docs/current/static/ssh-tunnels.html
To summarize for Rails, you would then do the following:
1) In a terminal window, run the first ssh command above to establish the tunnel.
2) Set your database props like so:
development:
adapter: postgresql
database: journalapp_development
username: xxx
password: yyy
host: localhost
port: 3333
I had a look online and there doesn't seem to be an option for what you're looking for and in fact the client library, libpq doesn't mention this either.
My guess is that this is negotiated on your behalf within libpq. In any case, md5 is likely to be the default authentication method.
If you connect to a PostgreSQL server over insecure channel you need to encrypt your communication with SSL or (as runako has explained) SSH Tunneling.

Resources