Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1v29Gh-000lsk-4V
	for pgsql-general@arkaria.postgresql.org; Fri, 26 Sep 2025 14:17:51 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1v29Gf-0021Yu-2z
	for pgsql-general@arkaria.postgresql.org; Fri, 26 Sep 2025 14:17:49 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <laurenz.albe@cybertec.at>)
	id 1v29Ge-0021Yk-NO
	for pgsql-general@lists.postgresql.org; Fri, 26 Sep 2025 14:17:49 +0000
Received: from mail-wr1-x429.google.com ([2a00:1450:4864:20::429])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <laurenz.albe@cybertec.at>)
	id 1v29Gd-000EVp-0o
	for pgsql-general@lists.postgresql.org;
	Fri, 26 Sep 2025 14:17:48 +0000
Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-3b9edf4cf6cso2263237f8f.3
        for <pgsql-general@lists.postgresql.org>; Fri, 26 Sep 2025 07:17:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cybertec.at; s=google; t=1758896266; x=1759501066; darn=lists.postgresql.org;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:to:from:subject:message-id:from:to:cc:subject:date
         :message-id:reply-to;
        bh=7mt5Kk5mLoLvUHaQzRkWe5xUbYp0lA45Z5H4S/gI8DE=;
        b=qGEikDDHLae+vXDcM8cmnTQLtYhgWeAEQDlakEBUUPbZatz+dTYlCUNiR6d+jZdwhN
         WlTVEPG8OmfWXGS087YV4DRHxeoPG85kn9pP9ahh4A4xW3tM1ExGBLcit/ec5X+/FiBQ
         9UNZ76JeHX1c4b/VuRzNWG73yaJGuqq0qbJbtASM9d8ubt/b1pMFA3ryseOYOgcssPpV
         TScukUZ7S2dqv8v1xOVJEhjovH4Ih5EbFRZpfaWrmdz/GrQtPdEB3RwHANOkBOLXZCxU
         IKI1B9juFfqU3aZItPbP0G/shSIKxFGRFWaEXidstoamBfIwhKysdG7OqwXuZuvewyQb
         I6dg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1758896266; x=1759501066;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:to:from:subject:message-id:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=7mt5Kk5mLoLvUHaQzRkWe5xUbYp0lA45Z5H4S/gI8DE=;
        b=DH+MIfrMDRcfIrtpzvTbGuTBonR/GEVc1ZZa0lmHCNqIOTf2qcPydSRE8D58H7Agnd
         ER5pl6mCPpQYkQxSMAnLK1w2OFF6Or0ySLKfsrEHq6Vf6zFxFd9XiTOvNOYFK2KQ/s+1
         i2Zcb7s0IBChlGN0ohOdOeMeJr8ccMl2BOt/LrO7m+Nqw0VeVgMFqYVWZY0zKQ4a7mi2
         4iVdl+5sTLl0T2N3MoYWNoh45M1q0Ig1LyIcz6whZTDFdj+C7dPzs/d8srmXhTUbd8by
         nXGZlW3A6QRPx46qasjj3NV25cKKDL65T9jl9CiGlMBJQY8t6VtiK4tIZpJfBx/n9z8D
         9L5w==
X-Forwarded-Encrypted: i=1; AJvYcCWLOKJ5KCKNkW6vM3HDPmP0H5JFfWVuaUL6Ggr//JxN6+iK60TQTBCKT8svkWB/SBnJP/LoEhs+QbnH5xdy@lists.postgresql.org
X-Gm-Message-State: AOJu0YzoSXpEM3iAdIDztmXILFAa04czLGgU+743bgqX908TZMXRCI+s
	DYyat4IG7Jn41dlukTeGOkvzzk4si6E0waELLzoq4qBkG/k7tQxfUHPWgxjs+6f8i0s=
X-Gm-Gg: ASbGncsZIqT7YTvmC0r7ThJHd3aKXMIvk2R2fbp23JCU0inpEDymiGr0bRbwWUlK69R
	JDupwiDaCl4n9YCyWibT3mDFpHTgV2OVnN+sCdFHc1MTeqTZI7QrmQxdvtk/D7mjYt0W6w3f+mc
	kuc9vnCiERnWUUC/9TIFdQu0BXZmtJm055eBaTAw2k8wNfTsjPQx7dIOXjLpd/T7qbaHNlQZ+0P
	T9NseE7G5q71Wh49StlfJVIHE+Do/mc45ncQigeAKzijVc+vrY92ztWfVURO6vTdvrYzWf/Vd2Q
	C285jbybdtaaOMHd6UGouNIzLFCS1CZgEGwfxw4wXEWk6LniW/L4tH415YyfTxUZ2iA+2mx4FfH
	P96evpBwE3R8qkHVqz5Wb4qSesDS1hio1LgfhJfQpaNNpSuJMXaO6oXV1qMojR1/1
X-Google-Smtp-Source: AGHT+IGctMYx/X/aBoMY84p//M5nlzfm5MEssCG1fRKimTV/v9NZ2lV2X2WCg+DpaK7t6yMggesXYQ==
X-Received: by 2002:a05:6000:268a:b0:3ee:114f:f89f with SMTP id ffacd0b85a97d-40e4745e248mr7821262f8f.15.1758896265745;
        Fri, 26 Sep 2025 07:17:45 -0700 (PDT)
Received: from laurenz.albe-K4N0CV00F97414D ([2001:871:70:4f4f:9e1e:c3e6:ae67:c99f])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-40fc5603381sm7830183f8f.31.2025.09.26.07.17.45
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 26 Sep 2025 07:17:45 -0700 (PDT)
Message-ID: <89f3ec586ade0b6fec211ea22d45fb32500611ff.camel@cybertec.at>
Subject: Re: pgpass file in postresql.auto.conf?
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: "Dan Mahoney (Gushi)" <postgres@gushi.org>, 
	pgsql-general@lists.postgresql.org
Date: Fri, 26 Sep 2025 16:17:44 +0200
In-Reply-To: <31ded2b6-d8f8-497c-59ea-c7885b4a7d26@gushi.org>
References: <31ded2b6-d8f8-497c-59ea-c7885b4a7d26@gushi.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.56.2 (3.56.2-2.fc42) 
MIME-Version: 1.0
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/89f3ec586ade0b6fec211ea22d45fb32500611ff.camel%40cybertec.at>
Precedence: bulk

On Fri, 2025-09-26 at 12:05 +0000, Dan Mahoney (Gushi) wrote:
> In the interest of automation, I've set up a pgpass file for my=20
> pg_basebackup between master and standby.  This all works, thusly:
>=20
> pg_basebackup -d=20
> 'postgres://repuser@10.1.1.1:5432/foo?sslmode=3Dverify-ca' -F p=20
> --wal-method=3Dstream -P -R -D /var/db/postgres/data17-test3
>=20
> However, instead of the password getting baked into the pgsql.auto.conf,=
=20
> the reference to the passfile gets put in, instead:
>=20
> # Do not edit this file manually!
> # It will be overwritten by the ALTER SYSTEM command.
> primary_conninfo =3D 'user=3Drepuser passfile=3D''/var/db/postgres/.pgpas=
s''=20
> channel_binding=3Dprefer host=3D10.1.1.1 port=3D5432 sslmode=3D''verify-c=
a''=20
> sslnegotiation=3Dpostgres sslcompression=3D0 sslcertmode=3Dallow sslsni=
=3D1=20
> ssl_min_protocol_version=3DTLSv1.2 gssencmode=3Ddisable krbsrvname=3Dpost=
gres=20
> gssdelegation=3D0 target_session_attrs=3Dany load_balance_hosts=3Ddisable=
=20
> dbname=3Dfoo'

That happens when "pg_basebackup" used a password file to connect to
the PostgreSQL server.

> But it seems postgres won't actually read the passfile.

Oh yes, it will, as long as it has permissions 0600, 0400 or 0700 and
belongs to the database server OS user (commonly "postgres").
It must have worked for the "pg_basebackup", so PostgreSQL assumes it
will also work for replication.

> Sep 26 12:01:27 hostname postgres[42455]: [7-1] 2025-09-26 12:01:27.658=
=20
> UTC [42455] FATAL:  could not connect to the primary server: connection t=
o=20
> server at "10.1.1.1", port 5432 failed: fe_sendauth: no password supplied
>=20
> Am I doing something wrong here?

That is hard to say.  You should have run "pg_basebackup" as the
same OS user that starts the standby.

> I'm loathe to hand-edit the file, because of that warning there.

Makes sense, although it is OK as long as you don't mess up the file.


> Is there an alter system command that can be used to properly populate th=
e=20
> password into this file?

Sure.  If the standby server is up and running (even if it cannot connect
to the primary), you can connect and execute

  ALTER SYSTEM SET primary_conninfo =3D 'password=3D''my secret password'''=
;

Yours,
Laurenz Albe