ident vs md5 for Postgres authentication

Question

I set up a Postgres db server on CentOS and created a database, mydb.

I access psql as system user postgres and check to see that it exists:

$ sudo -u postgres -i
$ psql
postgres=# \l

 Name | Owner | ...    
--------------------
 mydb | postgres | ... 

I then configure it:

(1) listen_addresses = 'localhost' is uncommented in postgresql.conf.

(2) I set the password for user postgres.

sudo -u postgres psql template1
ALTER USER postgres with encrypted password 'my_password';

But, connection via psql -U postgres -h localhost and Pgadm3 fail with this error:

Ident autentication failed for user "postgres"

I checked /var/lib/pgsql/9.4/data/pg_hba.conf.

ident is the default method for local IPv6 and IPv4 connections.

I change this from ident to md5.

Then, connection via Pgadmi3 and psql work as expected

Why does ident fail?

Answer 1

It fails due to:

The ident authentication method works by obtaining the client's operating system user name from an ident server and using it as the allowed database user name (with an optional user name mapping). This is only supported on TCP/IP connections.

The ident should mean UNIX identification. In order to ident work you must run psql or PGAdmin by postgres user (default Postgres processes owner on CentOS). So make sure you made sudo su - postgres or sudo - postgres (and it works as you shown).

The md5 actually means md5 hash password identification. For me personally it easiest way.

I'm sure in your example everything works correctly :-)