Menu
Postgres not accepting connection if I say -h localhost but it works if I say -h 127.0.0.1
[root@5d9ca0effd7f opensips]# psql -U postgres -h localhost -W
Password for user postgres:
psql: FATAL: Ident authentication failed for user "postgres"
[root@5d9ca0effd7f opensips]# psql -U postgres -h 127.0.0.1 -W
Password for user postgres:
psql (8.4.20)
Type "help" for help.
postgres=#
My /var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
local all all ident
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
If I add following line then Postgres service failed to start:
host all all localhost ident
host all all localhost trust
Wwhat is wrong there?
My /etc/hosts file:
[root@5d9ca0effd7f opensips]# cat /etc/hosts
172.17.0.2 5d9ca0effd7f
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
908
You can also connect to PostgreSQL database using pgAdmin GUI application. Connect to the database at localhost:5432 using the user name postgres and the password supplied. Now, double click on PostgreSQL 9.4 under the "Servers Groups". pgAdmin will ask you for a password.
Connecting to Your DatabaseThe PostgreSQL database service is available on localhost and the default PostgreSQL port is 5432 . A default user ( hosting-db ) and database ( postgres ) exist so you can quickly test your connection and perform management tasks.
Alternatively you can just "SELECT 1" with psql, and check output: =$ psql -h 127.0. 0.
PostgreSQL uses a message-based protocol for communication between frontends and backends (clients and servers). The protocol is supported over TCP/IP and also over Unix-domain sockets.
In pg_hba.conf, the first match counts. The manual:
The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no "fall-through" or "backup": if one record is chosen and the authentication fails, subsequent records are not considered. If no record matches, access is denied.
Note the reversed order:
host all all 127.0.0.1/32 trust
host all all 127.0.0.1/32 ident
But:
host all all localhost ident
host all all localhost trust
Remember to reload after saving changes to pg_hba.conf. (Restart is not necessary.) The manual:
The
pg_hba.conffile is read on start-up and when the main server process receives aSIGHUPsignal. If you edit the file on an active system, you will need to signal the postmaster (usingpg_ctl reload, calling the SQL functionpg_reload_conf(), or usingkill -HUP) to make it re-read the file.
If you really "add" the lines like you wrote, there should not be any effect at all. But if you replace the lines, there is.
In the first case, you get trust authentication method, which is an open-door policy. The manual:
PostgreSQL assumes that anyone who can connect to the server is authorized to access the database with whatever database user name they specify (even superuser names)
But in the second case you get the ident authentication method, which has to be set up properly to work.
Plus, as Cas pointed out later, localhost covers both IPv4 and IPv6, while 127.0.0.1/32 only applies to IPv4.
If you are actually using the outdated version 8.4, go to the old manual for 8.4. You are aware that 8.4 has reached EOL in 2014 and is not supported any more? Consider upgrading to a current version.
In Postgres 9.1 or later you would rather use peer than ident.
More:
60
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
