Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tnige-0010Db-Nq
	for pgsql-general@arkaria.postgresql.org; Thu, 27 Feb 2025 18:32:45 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tnigf-002W2V-DL
	for pgsql-general@arkaria.postgresql.org; Thu, 27 Feb 2025 18:32:44 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1tnigf-002W0l-2Q
	for pgsql-general@lists.postgresql.org; Thu, 27 Feb 2025 18:32:43 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1tnigb-0001Ps-2x
	for pgsql-general@postgresql.org;
	Thu, 27 Feb 2025 18:32:42 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 51RIWcdA2602740;
	Thu, 27 Feb 2025 13:32:38 -0500
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Adrian Klaver <adrian.klaver@aklaver.com>
cc: Alexander Farber <alexander.farber@gmail.com>,
        pgsql-general <pgsql-general@postgresql.org>
Subject: Re: How to debug: password authentication failed for user
In-reply-to: <d9cb5aab-417d-40b3-80f1-6c26acc7c839@aklaver.com>
References: <CAADeyWjQNmfiQxaiRF0tkZ-kZyApPJT00xbmcMtj+oToSPGoWQ@mail.gmail.com> <056ebaa8-94bb-461d-905c-4035eab9ceac@aklaver.com> <CAADeyWjAUV8q_gdmEA=G4H5b66gaZopp42bTch27okCxPTS=hQ@mail.gmail.com> <d9cb5aab-417d-40b3-80f1-6c26acc7c839@aklaver.com>
Comments: In-reply-to Adrian Klaver <adrian.klaver@aklaver.com>
	message dated "Thu, 27 Feb 2025 10:21:04 -0800"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2602738.1740681158.1@sss.pgh.pa.us>
Date: Thu, 27 Feb 2025 13:32:38 -0500
Message-ID: <2602739.1740681158@sss.pgh.pa.us>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/2602739.1740681158%40sss.pgh.pa.us>
Precedence: bulk

Adrian Klaver <adrian.klaver@aklaver.com> writes:
> My guess it has to do with:
> -c 'ALTER USER timeshift_user PASSWORD '"'"'timeshift_pass'"'"';'
> I am still trying to work out what that quoting is doing?

That makes my head hurt, too.  Using log_statement to see what's
actually getting sent to the server, I can see that as given
it looks to be fine --- but if you put a shell variable in for
the password as per the original intention, it's not expanded.
I think what you need is

 -c 'ALTER USER timeshift_user PASSWORD '"'$PASSWORD'"';'

Note this will fall over with potential for SQL injection if there's a
single quote in the password, so better not use it with untrusted
input.  On the whole I'd say "find some other way to do that".

			regards, tom lane