public inbox for [email protected]help / color / mirror / Atom feed
pgpass file in postresql.auto.conf? 3+ messages / 3 participants [nested] [flat]
* pgpass file in postresql.auto.conf? @ 2025-09-26 12:05 Dan Mahoney (Gushi) <[email protected]> 2025-09-26 12:47 ` Re: pgpass file in postresql.auto.conf? Ron Johnson <[email protected]> 2025-09-26 14:17 ` Re: pgpass file in postresql.auto.conf? Laurenz Albe <[email protected]> 0 siblings, 2 replies; 3+ messages in thread From: Dan Mahoney (Gushi) @ 2025-09-26 12:05 UTC (permalink / raw) To: [email protected] Hey folks, In the interest of automation, I've set up a pgpass file for my pg_basebackup between master and standby. This all works, thusly: pg_basebackup -d 'postgres://[email protected]:5432/foo?sslmode=verify-ca' -F p --wal-method=stream -P -R -D /var/db/postgres/data17-test3 However, instead of the password getting baked into the pgsql.auto.conf, the reference to the passfile gets put in, instead: # Do not edit this file manually! # It will be overwritten by the ALTER SYSTEM command. primary_conninfo = 'user=repuser passfile=''/var/db/postgres/.pgpass'' channel_binding=prefer host=10.1.1.1 port=5432 sslmode=''verify-ca'' sslnegotiation=postgres sslcompression=0 sslcertmode=allow sslsni=1 ssl_min_protocol_version=TLSv1.2 gssencmode=disable krbsrvname=postgres gssdelegation=0 target_session_attrs=any load_balance_hosts=disable dbname=foo' But it seems postgres won't actually read the passfile. Sep 26 12:01:27 hostname postgres[42455]: [7-1] 2025-09-26 12:01:27.658 UTC [42455] FATAL: could not connect to the primary server: connection to server at "10.1.1.1", port 5432 failed: fe_sendauth: no password supplied Am I doing something wrong here? I'm loathe to hand-edit the file, because of that warning there. Why does pg_basebackup put a reference to a file it it won't read it? Is there an alter system command that can be used to properly populate the password into this file? -Dan ^ permalink raw reply [nested|flat] 3+ messages in thread
* Re: pgpass file in postresql.auto.conf? 2025-09-26 12:05 pgpass file in postresql.auto.conf? Dan Mahoney (Gushi) <[email protected]> @ 2025-09-26 12:47 ` Ron Johnson <[email protected]> 1 sibling, 0 replies; 3+ messages in thread From: Ron Johnson @ 2025-09-26 12:47 UTC (permalink / raw) To: pgsql-generallists.postgresql.org <[email protected]> On Fri, Sep 26, 2025 at 8:06 AM Dan Mahoney (Gushi) <[email protected]> wrote: > Hey folks, > > In the interest of automation, I've set up a pgpass file for my > pg_basebackup between master and standby. This all works, thusly: > > pg_basebackup -d > 'postgres://[email protected]:5432/foo?sslmode=verify-ca' -F p > --wal-method=stream -P -R -D /var/db/postgres/data17-test3 > > However, instead of the password getting baked into the pgsql.auto.conf, > the reference to the passfile gets put in, instead: > It's still early in the morning, so I might still be fuzzy-brained, but are you asking why the repuser password is not hard-coded into postresql.auto.conf? > # Do not edit this file manually! > # It will be overwritten by the ALTER SYSTEM command. > primary_conninfo = 'user=repuser passfile=''/var/db/postgres/.pgpass'' > channel_binding=prefer host=10.1.1.1 port=5432 sslmode=''verify-ca'' > sslnegotiation=postgres sslcompression=0 sslcertmode=allow sslsni=1 > ssl_min_protocol_version=TLSv1.2 gssencmode=disable krbsrvname=postgres > gssdelegation=0 target_session_attrs=any load_balance_hosts=disable > dbname=foo' > > But it seems postgres won't actually read the passfile. > > Sep 26 12:01:27 hostname postgres[42455]: [7-1] 2025-09-26 12:01:27.658 > UTC [42455] FATAL: could not connect to the primary server: connection to > server at "10.1.1.1", port 5432 failed: fe_sendauth: no password supplied > > Am I doing something wrong here? > *When* do you get that message? And what does "for my pg_basebackup between master and standby" mean? > I'm loathe to hand-edit the file, because of that warning there. > > Why does pg_basebackup put a reference to a file it it won't read it? > Because you have a subtle bug in the .pgpass file. It's case sensitive, and requires the domain name of that's part of $HOSTNAME. > Is there an alter system command that can be used to properly populate the > password into this file? > Does the .pgpass file work for "regular" connections? -- Death to <Redacted>, and butter sauce. Don't boil me, I'm still alive. <Redacted> lobster! ^ permalink raw reply [nested|flat] 3+ messages in thread
* Re: pgpass file in postresql.auto.conf? 2025-09-26 12:05 pgpass file in postresql.auto.conf? Dan Mahoney (Gushi) <[email protected]> @ 2025-09-26 14:17 ` Laurenz Albe <[email protected]> 1 sibling, 0 replies; 3+ messages in thread From: Laurenz Albe @ 2025-09-26 14:17 UTC (permalink / raw) To: Dan Mahoney (Gushi) <[email protected]>; [email protected] On Fri, 2025-09-26 at 12:05 +0000, Dan Mahoney (Gushi) wrote: > In the interest of automation, I've set up a pgpass file for my > pg_basebackup between master and standby. This all works, thusly: > > pg_basebackup -d > 'postgres://[email protected]:5432/foo?sslmode=verify-ca' -F p > --wal-method=stream -P -R -D /var/db/postgres/data17-test3 > > However, instead of the password getting baked into the pgsql.auto.conf, > the reference to the passfile gets put in, instead: > > # Do not edit this file manually! > # It will be overwritten by the ALTER SYSTEM command. > primary_conninfo = 'user=repuser passfile=''/var/db/postgres/.pgpass'' > channel_binding=prefer host=10.1.1.1 port=5432 sslmode=''verify-ca'' > sslnegotiation=postgres sslcompression=0 sslcertmode=allow sslsni=1 > ssl_min_protocol_version=TLSv1.2 gssencmode=disable krbsrvname=postgres > gssdelegation=0 target_session_attrs=any load_balance_hosts=disable > dbname=foo' That happens when "pg_basebackup" used a password file to connect to the PostgreSQL server. > But it seems postgres won't actually read the passfile. Oh yes, it will, as long as it has permissions 0600, 0400 or 0700 and belongs to the database server OS user (commonly "postgres"). It must have worked for the "pg_basebackup", so PostgreSQL assumes it will also work for replication. > Sep 26 12:01:27 hostname postgres[42455]: [7-1] 2025-09-26 12:01:27.658 > UTC [42455] FATAL: could not connect to the primary server: connection to > server at "10.1.1.1", port 5432 failed: fe_sendauth: no password supplied > > Am I doing something wrong here? That is hard to say. You should have run "pg_basebackup" as the same OS user that starts the standby. > I'm loathe to hand-edit the file, because of that warning there. Makes sense, although it is OK as long as you don't mess up the file. > Is there an alter system command that can be used to properly populate the > password into this file? Sure. If the standby server is up and running (even if it cannot connect to the primary), you can connect and execute ALTER SYSTEM SET primary_conninfo = 'password=''my secret password'''; Yours, Laurenz Albe ^ permalink raw reply [nested|flat] 3+ messages in thread
end of thread, other threads:[~2025-09-26 14:17 UTC | newest] Thread overview: 3+ messages (download: mbox mbox.gz follow: Atom feed) -- links below jump to the message on this page -- 2025-09-26 12:05 pgpass file in postresql.auto.conf? Dan Mahoney (Gushi) <[email protected]> 2025-09-26 12:47 ` Ron Johnson <[email protected]> 2025-09-26 14:17 ` Laurenz Albe <[email protected]>
This inbox is served by agora; see mirroring instructions for how to clone and mirror all data and code used for this inbox