Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1soAGp-008mGY-3E for pgsql-general@arkaria.postgresql.org; Tue, 10 Sep 2024 23:27:40 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1soAGo-004bOK-Oq for pgsql-general@arkaria.postgresql.org; Tue, 10 Sep 2024 23:27:38 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1soAGn-004bOA-4W for pgsql-general@lists.postgresql.org; Tue, 10 Sep 2024 23:27:38 +0000 Received: from fhigh8-smtp.messagingengine.com ([103.168.172.159]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1soAGj-000XZc-MP for pgsql-general@lists.postgresql.org; Tue, 10 Sep 2024 23:27:35 +0000 Received: from phl-compute-04.internal (phl-compute-04.phl.internal [10.202.2.44]) by mailfhigh.phl.internal (Postfix) with ESMTP id 49DB91140134; Tue, 10 Sep 2024 19:27:32 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-04.internal (MEProxy); Tue, 10 Sep 2024 19:27:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1726010852; x=1726097252; bh=vn8LnhuRdd6SLX8ChewvynKo/9eIiUjWTM/rzZRCQVo=; b= kIXpEpM+7EWRGjMdeO3umG/0kpZz5jPPj5JlEKJmQ/fXyhnq9VSSKz93J4klP4Lm xfRe8N+ves5567Mx/I/2V0uoMnonJRC4ien0eyckAqkZEk4x/ra/LA8NaUZ9BRUA zbgitQJsapsQvVweSMg3qkgqldEJAhi0QgC1qwyEtq4vzjuMvx+6ytzb+VbwCSnl jWBKpiHArLBQtCpI3hfA1ACkgfvLFJ3usDga4N1pxzk8j19IRXqhf0oj15DFr+3P 2PfXqSRtPgwv5linnGWKsnmYvtYqLQs1Ybcf+ay5GlYqUzk0ieZx1rr9LQhV2p6r cHa8Bkrf+9qHg9N0pudsBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1726010852; x= 1726097252; bh=vn8LnhuRdd6SLX8ChewvynKo/9eIiUjWTM/rzZRCQVo=; b=J 2Qcu4QA23Oi5RfDPggrqpWYJNuIFA46QrHX9bseXb7jVt9veK/SnveqyckvjOFld Q81lLEemiIsZRQ87830Qmmx8cyFxVWDqHjx6wwbub+kMgAffkGwEO8SVjXw+VVia 1oSMbYPUtRCKBaiwmDgWRytxo+GmpZPQ4OIH/aWW84mDqyT+uHWAF3awZTfKykn6 XNIQe3sg/Bbbda5CtNQKmnrm/s2qHGHBgGpBObSJ0PM5biWQdklyvMdFbQKyq//1 vlzuTReEMVxREyhA73tQjghD6HeL4S/qtpY0TPHzjICpMYwe+qNypmgA6BHo2Ydd M2otP4NM6O/gKGgKZmSzQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudejtddgvdduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefkffggfg fuvfhfhfgjtgfgsehtkeertddtvdejnecuhfhrohhmpeetughrihgrnhcumfhlrghvvghr uceorggurhhirghnrdhklhgrvhgvrhesrghklhgrvhgvrhdrtghomheqnecuggftrfgrth htvghrnhepleegveekkeekueeigfdtveeileeuhfefudefteekjeffkeejueejheegheeg kedtnecuffhomhgrihhnpehpohhsthhgrhgvshhqlhdrohhrghenucevlhhushhtvghruf hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrughrihgrnhdrkhhlrghvvghr segrkhhlrghvvghrrdgtohhmpdhnsggprhgtphhtthhopedvpdhmohguvgepshhmthhpoh huthdprhgtphhtthhopegtjhhmsehtrhihgidrohhrghdprhgtphhtthhopehpghhsqhhl qdhgvghnvghrrghlsehlihhsthhsrdhpohhsthhgrhgvshhqlhdrohhrgh X-ME-Proxy: Feedback-ID: i76984098:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 10 Sep 2024 19:27:31 -0400 (EDT) Message-ID: <885b4d66-045d-4126-bf18-06d36e5c4164@aklaver.com> Date: Tue, 10 Sep 2024 16:27:30 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Test mail for pgsql-general To: Chris Miller , pgsql-general References: <172601029329.1028.17318986799853058856@malur.postgresql.org> <1738731565.8400.1726010470879.JavaMail.zimbra@tryx.org> Content-Language: en-US From: Adrian Klaver In-Reply-To: <1738731565.8400.1726010470879.JavaMail.zimbra@tryx.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 9/10/24 16:21, Chris Miller wrote: > Hi Folks, > > I am confused about authentication. I understand that in the local > connection case, I have choices of “peer”, and “md5” (password). > > > In pg_hba.conf, I have the lines: > > > local all all peer > > local all all md5 > > > I have an OS user “postgres”, and I can “su – postgres”, which brings me > to a shell and I can invoke psql successfully. > > > I believe that, as root, I should be able to “psql -U postgres -W” and > logon with a password. I can’t. When I try, I get: > > > psql: error: connection to server on socket > "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: Peer authentication > failed for user "postgres" > > > Notice I am failing “peer” authentication. Seems to me that if I > explicitly ask for a password, “-W”, I should be using “md5” authentication. First match wins loses in this case. The entries are processed top to bottom the first the one matches in this case: local all all peer Per https://www.postgresql.org/docs/16/auth-pg-hba-conf.html "The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no “fall-through” or “backup”: if one record is chosen and the authentication fails, subsequent records are not considered. If no record matches, access is denied." The -W is a no-op per: https://www.postgresql.org/docs/16/app-psql.html -W --password Force psql to prompt for a password before connecting to a database, even if the password will not be used. > > > Can anybody straighten me out? > > > Thanks for the help, > -- > Chris. -- Adrian Klaver adrian.klaver@aklaver.com