Is there a way to fetch the encrypted password for a login roll from a PostgreSQL server?
To give some insight into my problem, I'm trying to manage the postgres
user's password via Ansible. To do so, I would like to check the current value of the encrypted password (e.g. 'md5...'
) to see if it's current or not. If it is not, I would execute the appropriate ALTER ROLL
command to update it.
I know I can use pg_dumpall
to see the password, e.g:
$ pg_dumpall --roles-only
<snip>
CREATE ROLE postgres;
ALTER ROLE postgres WITH ... PASSWORD 'md5...';
But this doesn't seem like a very reliable way of doing so.
If you don't remember your PostgreSQL database password, you can follow the steps below to reset it to a new value: Change the authentication method in the PostgreSQL configuration file pg_hba. conf from md5 to trust and reload the configuration. You should now be able to connect to PostgreSQL with the new password.
There are two ways to login PostgreSQL: By running the "psql" command as a UNIX user which is also configured as PostgreSQL user using so-called IDENT/PEER authentication, e.g., " sudo -u postgres psql ". Via TCP/IP connection using PostgreSQL's own managed username/password (using so-called MD5 authentication).
conf file and change all local connections from md5 to trust. By doing this, you can log in to the PostgreSQL database server without using a password. The "C:\Program Files\PostgreSQL\12\data" is the data directory. PostgreSQL will not require a password to login.
Try to read rolpassword field.
SELECT rolpassword FROM pg_authid
pg_authid
The catalog pg_authid contains information about database authorization identifiers (roles). A role subsumes the concepts of "users" and "groups". A user is essentially just a role with the rolcanlogin flag set. Any role (with or without rolcanlogin) can have other roles as members; see pg_auth_members.
Since this catalog contains passwords, it must not be publicly readable. pg_roles is a publicly readable view on pg_authid that blanks out the password field.
Chapter 19 contains detailed information about user and privilege management.
Because user identities are cluster-wide, pg_authid is shared across all databases of a cluster: there is only one copy of pg_authid per cluster, not one per database.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With