Dears,
By default the non super user accounts login to psql wont prompt for password or even if you force with -W flag, incorrect password also will work.
1) Note the user pgtst_usr had a password, we can see that in pg_shadow view successfully (the password field shows SHA-256 encrypted password test).
postgres=# select * from pg_shadow where usename='pgtst_usr';
usename | usesysid | usecreatedb | usesuper | userepl | usebypassrls |
passwd | valuntil | useconfig
-----------+----------+-------------+----------+---------+--------------+-------------------------------------------------
--------------------------------------------------------------------------------------+----------+-----------
pgtst_usr | 16388 | t | f | f | f | SCRAM-SHA-256$4096:GHRlc0IkdWjJDIBlHMj07g==$ypmL
Lm6dXWnWjBT4GoWgdX09PDV9EkkWCOz8FlEQdjA=:pLaxim1LVHVxifAmFwH3Klfxvwscv3Q7XC9i5pAPsas= | |
(1 row)
postgres=#
2) Incorrect password also working fine!!!!
-bash-4.2$ psql -U pgtst_usr -d postgres -W
Password: <<< I entered incorrect password
psql (15.0)
Type "help" for help.
postgres=> exit
Fix routine:
3) check hba.conf location
postgres=# show hba_file;
hba_file
--------------------------
/pgDATA/data/pg_hba.conf
(1 row)
postgres=#
4) Edit hba.conf as you below... we have to change "trust" to "md5"
Existing hba.conf:
-bash-4.2$ cat /pgDATA/data/pg_hba.conf|grep -v "^#"
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
local replication all trust
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
Post change:
-bash-4.2$ cp /pgDATA/data/pg_hba.conf /pgDATA/data/pg_hba.conf_BKP_22oct22
-bash-4.2$ vi /pgDATA/data/pg_hba.conf
-bash-4.2$ diff /pgDATA/data/pg_hba.conf_BKP_22oct22 /pgDATA/data/pg_hba.conf
89c89
< local all all trust
---
> local all all md5
-bash-4.2$
-bash-4.2$ cp /pgDATA/data/pg_hba.conf /pgDATA/data/pg_hba.conf_BKP_22oct22
-bash-4.2$ vi /pgDATA/data/pg_hba.conf
-bash-4.2$ diff /pgDATA/data/pg_hba.conf_BKP_22oct22 /pgDATA/data/pg_hba.conf
89c89
< local all all trust
---
> local all all md5
-bash-4.2$
5) restart the postgresql-15 service using systemctl.
6) Now try access the database using wrong password as before, but it failed now to allow me connect to the db.
-bash-4.2$ psql -U pgtst_usr -d postgres
Password for user pgtst_usr:
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: password authentication failed for user "pgtst_usr"
retry with right password...
-bash-4.2$ psql -U pgtst_usr -d postgres
Password for user pgtst_usr: <<<< without -W flag, the password propt is popping up.
psql (15.0)
Type "help" for help.
postgres=>
7) to get the information on current connection...
postgres=> \conninfo
You are connected to database "postgres" as user "pgtst_usr" via socket in "/var/run/postgresql" at port "5432".
postgres=>
Password for user pgtst_usr:
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: password authentication failed for user "pgtst_usr"
retry with right password...
-bash-4.2$ psql -U pgtst_usr -d postgres
Password for user pgtst_usr: <<<< without -W flag, the password propt is popping up.
psql (15.0)
Type "help" for help.
postgres=>
7) to get the information on current connection...
postgres=> \conninfo
You are connected to database "postgres" as user "pgtst_usr" via socket in "/var/run/postgresql" at port "5432".
postgres=>
8) To get the pid of the connection...
SELECT
pid
,datname
,usename
,application_name
,client_hostname
,client_port
,backend_start
,query_start
,query
,state
FROM pg_stat_activity
WHERE state = 'active';
postgres=> SELECT
postgres-> pid
postgres-> ,datname
postgres-> ,usename
postgres-> ,application_name
postgres-> ,client_hostname
postgres-> ,client_port
postgres-> ,backend_start
postgres-> ,query_start
postgres-> ,query
postgres-> ,state
postgres-> FROM pg_stat_activity
postgres-> WHERE state = 'active';
pid | datname | usename | application_name | client_hostname | client_port | backend_start |
query_start | query | state
------+----------+-----------+------------------+-----------------+-------------+----------------------------------+------
----------------------------+-------------------------+--------
2750 | postgres | pgtst_usr | psql | | -1 | 2022-10-22 23:48:16.632989+05:30 | 2022-
10-22 23:49:52.368871+05:30 | SELECT +| active
| | | | | | |
| pid +|
| | | | | | |
| ,datname +|
| | | | | | |
| ,usename +|
| | | | | | |
| ,application_name +|
| | | | | | |
| ,client_hostname +|
| | | | | | |
| ,client_port +|
| | | | | | |
| ,backend_start +|
| | | | | | |
| ,query_start +|
| | | | | | |
| ,query +|
| | | | | | |
| ,state +|
| | | | | | |
| FROM pg_stat_activity +|
| | | | | | |
| WHERE state = 'active'; |
(1 row)
postgres=>
8) @ os the pid details...
-bash-4.2$ ps -ef|grep 2750
postgres 2750 2723 0 23:48 ? 00:00:00 postgres: pgtst_usr postgres [local] idle
postgres 2778 2178 0 23:50 pts/1 00:00:00 grep --color=auto 2750
-bash-4.2$
Thanks
No comments:
Post a Comment