Starting to develop my first Ruby on Rails app with postgresql on Ubuntu. I have created a postgresql user with a password. In the database.yml, I put in the postgresql username and password.
Whenever I run a rake db:migrate it executes without error no matter what I change the password to in the database.yml - even if the password field is blank. If I change the username I get an authentication error.
How do I get Ruby on Rails database to use a password?
TIA
You're probably using ident or even trust authentication. A quick synopsis of the most common authentication methods:
trust - You can log in no matter what.
ident - You can log in if your UNIX username is the same as the PostgreSQL username.
md5 - You can log in if your password (encrypted with md5) is correct.
Edit: PostgreSQL 9.0 introduced the peer authentication method. From what I gather, ident and peer have the same purpose—your login is determined by your operating system username—but ident talks to an ident server listening on port 113, while peer looks up your credentials with a system call. See http://www.postgresql.org/docs/9.1/static/auth-methods.html#AUTH-IDENT
Locate your pg_hba.conf file, and see if you can find something that looks like this:
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
When you try to connect, PostgreSQL goes through this line-by-line. If the connection type (e.g. local, host), database, user (database user, not system user), and address all match up, it will use the given authentication method.
If you want to require a password to access your own PostgreSQL user, you could add a line like this at the top, before the local all all ident line:
# TYPE DATABASE USER CIDR-ADDRESS METHOD
local mydbname myusername md5
Be sure to restart PostgreSQL after changing pg_hba.conf.
I've only barely used PostgreSQL, but I do know it has a feature called sameuser. If the name of the system user matches the name of the database user, the password is not required. So, if I logged into this computer with the username "matchu", and there is a user in PostgreSQL named "matchu", I could log in to that database user without additional authentication.
Could that be what's going on here?
Related
I check on internet but every answer to this problem failed on my case.
I'm using ruby on rail and Heroku on Cloud 9 IDE. everything is up to date.
I try to link the Ruby project to Heroku postgres (Postgresql). i followed postgres guide to first understand how it work but when i try to access my localhost, i get this message : fe_sendauth: no password supplied
I modified pg_hba.conf but it failed so I remove changes
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
in the postgresql.conf I replace Localhost by *
listen_addresses = '*'
on database.yaml i tried to let password empty. currentrly, in production and developpement i let it with "" empty
password: ""
I tried sudo service postgresql restart but still nothing, the issue is still here
I don't know what can i do after that
When using Heroku you should set an ENV variable called DATABASE_URL that will take precedence over whatever you add on the database.yml
I'm attempting to deploy a rails app to AWS. The deploy fails with
PG::ConnectionBad: FATAL: Ident authentication failed for user "postgres"
My database.yml file (merged by capistrano from the shared dir under my app root) looks like this
production:
adapter: postgresql
encoding: unicode
database: tpms_prod
username: postgres
host: 127.0.0.1
port: 5432
and the pg_hba.conf is the default and looks like this
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
I've tried changing the authentication settings in pg_hba.conf to password but that still reports a failing Ident authentication!
I've tried adding a new super user to the database and using that user in the database.yml file - but the ident auth fails for that user as well, so I know that the database.yml file is being used by the deploy process.
If I understand the ident mechanism correctly, then the user requesting the connection just has to 'be' a declared user and this is borne out on the command line.
might be wrong.... but for me ident means that you must have the same username between the database (the db user must be created) and the client (here it's rails).
it means that if you want it to work, you should run your rails app as "postgres" user (which might not be the best idea)
I'm setting up my local postgresql database for a rails project (that I'm joining), and have done the following:
Installed postgres
Added/bundled 'pg' gem
Created a db user named "foobar"
Created a db named "foobar_development"
The rails app comes with a rake db:migrate task. When I run this task, I get the following error output:
FATAL: no pg_hba.conf entry for host "::1", user "foobar", database "foobar_development", SSL off
I found a pg_hba.conf file in the following location:
/usr/local/var/postgres
Here's the relevant part of the pg_hba.conf file:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication jimmyli trust
#host replication jimmyli 127.0.0.1/32 trust
#host replication jimmyli ::1/128 trust
I am using the postgres that came with my Mac (version 9.2.4), although I'm worried I might have installed another version of it somewhere else (and ought to remove it - anyway I can check this?). I am also using Postgres.app to run psql. (http://postgresapp.com/).
I think my pg_hba.conf file ought to work correctly (since I'm giving all users access to all dbs), so I wonder if there's another pg_hba.conf file out there, and that I'm looking at the wrong one/one that's not being used. How can I test this hypothesis?
Got it! Looks like I was looking at the wrong/irrelevant pg_hba.conf file. To find the right one, I logged into the db with psql and ran "SHOW hba_file"
This gave me the path to the relevant file, which in my case was:
/Library/PostgreSQL/9.1/data
I then added the right lines (see my question) to this question, and everything worked!.
Did you reload postgresql after making the change to your pg_hba.conf file? Try logging into the db as a superuser and issue select pg_reload_conf(); to reload the pg_hba.conf and postgresql.conf files.
pg_hba.conf is supposed to be copied to your data directory. According to the list here, it should be in ~/Library/Application\ Support/Postgres/var. Hope that helps...
Set the following environment variable in command line to require SSL for Postgres connections:
$ export PGSSLMODE=require
I'm very new to Ruby and postgres.
Below is my database.yml
development:
adapter: postgresql
database: test_database
username: postgresql
password: mypassword
host: localhost
encoding: utf8
The user exists and I'm, able to login using same credentials in phpPgadmin. But when I start rails server and go to home page of app, I get FATAL: Ident authentication failed for user "postgresql".
Edit: In case pghba.conf matters,
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
#local all all peer
local all postgres md5
local all postgresql md5
Could anyone please help ?
open PostgreSQL client authentication configuration file
vi /var/lib/pgsql/data/pg_hba.conf
This file manage below stuffs
Which hosts are allowed to connect
How clients are authenticated
Which PostgreSQL user names they can use
Which databases they can access
By default Postgresql uses IDENT-based authentication. All you have to do is allow username and password based authentication for your network or webserver. IDENT will never allow you to login via -U and -W options. Append following to allow login via localhost only:
local all all trust
host all 127.0.0.1/32 trust
Save and close the file. Restart Postgresql server:
service postgresql restart OR
sudo /etc/init.d/postgresql restart
It should work
I can find my pg_hba.conf file in the path:
/etc/postgresql/8.4/main/pg_hba.conf
For anyone who still can't find their pg_hba.conf file, I'm using PostgreSQL v9.2 and I found mine in:
/var/lib/pgsql/9.2/data/pg_hba.conf
When I execute heroku db:pull it finds my local dev db at:
postgres://127.0.0.1/myapp_development?encoding=utf8
once I confirm though, it fails with:
Sequel::DatabaseConnectionError -> PGError: fe_sendauth: no password supplied
I tried running the pull with the local db specified, e.g.
heroku db:pull postgres://root:#localhost/db_name
which gives the same no password supplied error.
I thought I may need to change root: to myname: because thats the user I granted superuser rights to when I setup postgres but neither root: or myname: works
My database.yml has username: and password: blank for all databases specified.
From the command line as myname#ubuntu I can type psql myapp_development and connect fine and run selects.
What am I missing here?
Is it related to my pg_hba.conf settings? I had a look inside that and it says:
# Database administrative login by UNIX sockets
local all postgres ident
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
Should 'trusted' be used there? And if so if I edit that file do I need to restart postgres? And if 'trust' is necessary then how come rails and the psql command line tools work without passwords when logged in as my myname user?
Thank you!
Authentication method trust might do the trick, but as you are undoubtedly aware, this is not secure.
After editing pg_hba.conf, you don't have to restart. A reload is enough (quoting the manual):
The pg_hba.conf file is read on start-up and when the main server
process receives a SIGHUP signal. If you edit the file on an active
system, you will need to signal the postmaster (using pg_ctl reload or
kill -HUP) to make it re-read the file.
pg_ctl reload
See the fine manual. You might need the manual for version for 8.3. Shared db on heroku currently runs on PostgreSQL 8.3. (Also, I doubt you have access to pg_ctl on heroku.)
Be aware of this:
If no password has been set up for a user, the stored password is null
and password authentication will always fail for that user.
Emphasis mine. You might be able to log in locally, because the auth-methods ident or peer allow for that. But for your purpose you may need a password!