Postgres users can login with any or no password

So I set up a user called "paperwork" with a database of the same name

postgres=# create role paperwork;
postgres=# create database paperwork;
postgres=# grant all privileges on database paperwork to paperwork;
postgres=# ALTER ROLE paperwork WITH LOGIN;
postgres=# ALTER ROLE paperwork WITH PASSWORD 'paperwork';

      

But it still allows me to log in as paperwork without a password

[###@EMOO modules]$ psql --username=paperwork --host=localhost
psql (9.6.3)
Type "help" for help.

paperwork=> \q

      

and when I force it to use a password, it accepts any password, including a blank password:

[###@EMOO modules]$ psql --username=paperwork --host=localhost --password
Password for user paperwork: 
psql (9.6.3)
Type "help" for help.

      

When I open pgadmin3 and click on the "paperwork" user, it seems to have an encrypted password.

-- Role: paperwork

-- DROP ROLE paperwork;

CREATE ROLE paperwork LOGIN
  ENCRYPTED PASSWORD 'md585ff97314dbeb9953b989fd363a8e96f'
  NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;

      

Also, when I open pgadmin3 it prompts me for the postgres password, but again it will accept anything for the postgres password (and I remember setting the postgres password when I installed postgres). How can I make it so that you need the correct password to log in? Or is there some context here that I completely missed, like passwords only being needed for remote logins or some weirdness? Thanks.

EDIT: I didn't have /usr/share/postgresql/pg_hba.conf (EDIT: actually I just couldn't find it because I didn't use sudo in the "locate" command). I created one from the sample file: /usr/share/postgresql/pg_hba.conf.sample

Got this idea from here: http://blog.mattsch.com/2012/05/19/postgresql-accepts-any-or-no-password-when-connecting/ I tried to make it md5 authentication but I still have this same problem. What I tried is given below, from the /usr/share/postgresql/pg_hba.conf file

@authcomment@

# TYPE  DATABASE        USER            ADDRESS                 METHOD

@remove-line-for-nolocal@# "local" is for Unix domain socket connections only
@remove-line-for-nolocal@local   all             all                                     @authmethodlocal@
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5 
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.

@remove-line-for-nolocal@#local   replication     @default_username@ @authmethodlocal@
#host    replication     @default_username@        127.0.0.1/32 @authmethodhost@
#host    replication     @default_username@        ::1/128 @authmethodhost@

      

Then I restarted postgresql but still have the same problem.

EDIT: Thanks Abelisto. The "show config_file" command (after logging in with pgsql) put me on the correct track. It never occurred to me that "locate pg_hba.conf", launched from my Linux command line, did not have permission to look for the actual config file in the postgres directory: /var/lib/postgres/data/. User "paperwork" now gets rejected with the wrong password after I changed "trust" to "md5" in /var/lib/postgres/data/pg_hba.conf on these lines:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5 
# IPv6 local connections:
host    all             all             ::1/128                 md5

      

This will probably mean that you decided to try a little to test a couple of things.

+3




1 answer


TL;DR for my original post:

1 make sure you set the postgres password to something you know:

[###@EMOO ~]$ psql -U postgres 
psql (9.6.3)
Type "help" for help.

postgres=# ALTER ROLE postgres WITH PASSWORD 'postgres password';

      

2 find pg_hba.conf

sudo updatedb
sudo locate pg_hba.conf

      



3 replace "trust" with "md5" in pg_hba.conf

4 restart postgresql:

sudo systemctl restart postgresql

      

5 log in as postgres and change all the user passwords you need; now users will be rejected if they don't provide the correct password

psql -U postgres

      

+1
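
An added example (not from the original posts or the PostgreSQL project): a small Python model of how the server uses the first matching pg_hba.conf rule, showing why the localhost connections above were accepted with any password under "trust" and are checked under "md5". The sample files and the function names are constructed for illustration, and the parser is a simplification that assumes CIDR addresses and only handles `all`, `sameuser` and literal names.

```python
import ipaddress

# Constructed sample: stock localhost rules like the ones the question
# describes, before and after changing "trust" to "md5".
BEFORE = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     trust
host    all             all             127.0.0.1/32            trust
host    all             all             ::1/128                 trust
"""
AFTER = BEFORE.replace("trust", "md5")


def parse_hba(text):
    """Return (type, databases, users, network_or_None, method) per rule line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and blank lines
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 4:
            rules.append(("local", fields[1].split(","), fields[2].split(","), None, fields[3]))
        elif fields[0].startswith("host") and len(fields) >= 5:
            net = ipaddress.ip_network(fields[3], strict=False)
            rules.append((fields[0], fields[1].split(","), fields[2].split(","), net, fields[4]))
    return rules


def effective_method(rules, database, user, client_ip=None):
    """Auth method of the first rule matching the connection; later rules are ignored.

    client_ip=None models a Unix-socket connection. Returns None when no rule
    matches, in which case the server refuses the connection.
    """
    for conn_type, dbs, users, net, method in rules:
        if (conn_type == "local") != (client_ip is None):
            continue
        if net is not None and ipaddress.ip_address(client_ip) not in net:
            continue
        db_ok = "all" in dbs or database in dbs or ("sameuser" in dbs and database == user)
        if db_ok and ("all" in users or user in users):
            return method
    return None


def trust_rules(rules):
    """Rules that admit a client without checking any password."""
    return [r for r in rules if r[4] == "trust"]
```

Run it against the file the running server actually loads; `SHOW hba_file;` in psql prints that path.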

