How to get psql to prompt for a password with the superuser postgres?












I'm using PostgreSQL 9.6.2 on Windows 7 and when I start psql from the command prompt with:



psql -U myusername 


it asks for a password just fine and logs in.
However if I do:



psql -U postgres


it's gonna log in directly to the main database with superuser rights without asking for any kind of password. If I type in:



psql -U postgres -W 


then it's gonna ask for the su password which is by the way the one that I set during the one-click installation.



I've checked the pg_hba.conf and it's set to md5 for all users, all databases. I've even changed the password from the db with: postgres=# ALTER USER postgres PASSWORD 'myPassword';, to no avail.



The question is why when I log as a normal user it asks for a password and doesn't when I log as superuser? It's not a major issue as I can access my databases in either case, but it just doesn't seem safe at all. Any workaround would be very much appreciated.










postgresql windows authentication postgresql-9.6






edited Feb 24 '17 at 10:01









dezso

asked Feb 24 '17 at 1:42









pazeltov

  • Do you have a pgpass.conf? postgresql.org/docs/current/static/libpq-pgpass.html
    – a_horse_with_no_name Feb 24 '17 at 6:54

  • Can you please show the full pg_hba.conf? I mean all lines that are not commented out.
    – dezso Feb 24 '17 at 7:35

  • I had a look at the pgpass.conf and the postgres password was indeed stored there in plain text. I commented the lines out and now psql prompts for password when I log in as postgres.
    – pazeltov Feb 24 '17 at 15:04
















2 Answers
As per @a_horse_with_no_name's comment, have a look in your pgpass.conf (.pgpass on Linux) file if you have one, and see if there's an entry for the postgres user:




The file .pgpass in a user's home directory or the file referenced by
PGPASSFILE can contain passwords to be used if the connection requires
a password (and no password has been specified otherwise). On
Microsoft Windows the file is named %APPDATA%\postgresql\pgpass.conf
(where %APPDATA% refers to the Application Data subdirectory in the
user's profile).







answered Dec 30 '18 at 22:48

James Douglas
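
The password-file lookup described in the answer above, as an added example that is not part of the original answer or of PostgreSQL's own code: it parses pgpass text (`hostname:port:database:username:password`, `#` comments, `*` wildcards, backslash escapes) and reports which line would answer the password prompt for a given connection. The function names and the sample entries are hypothetical and constructed for illustration; libpq's special handling of `localhost` for Unix-socket connections is not modelled.

```python
import os
import sys

# Constructed sample in pgpass format (hostname:port:database:username:password).
SAMPLE_PGPASS = r"""# constructed example, not taken from the question
localhost:5432:*:postgres:constructed-superuser-pass
#localhost:5432:*:myusername:constructed-commented-out
db.example.internal:5432:app\:v2:app_user:constructed-app-pass
"""

def default_pgpass_path():
    """PGPASSFILE if set, else the per-user default location."""
    if os.environ.get("PGPASSFILE"):
        return os.environ["PGPASSFILE"]
    if sys.platform == "win32":
        return os.path.join(os.environ.get("APPDATA", ""), "postgresql", "pgpass.conf")
    return os.path.join(os.path.expanduser("~"), ".pgpass")

def split_fields(line):
    """Split on ':'; a backslash escapes the next character (\\: or \\\\)."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == ":" and len(fields) < 4:
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return fields + ["".join(cur)]

def parse_pgpass(text):
    """Active entries as (line_no, host, port, database, user, password)."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or commented-out entry
        fields = split_fields(raw)
        if len(fields) == 5:
            entries.append((no, *fields))
    return entries

def first_match(entries, host, port, database, user):
    """The first matching line wins; '*' in a field matches anything."""
    wanted = (host, str(port), database, user)
    for entry in entries:
        if all(p in ("*", w) for p, w in zip(entry[1:5], wanted)):
            return entry
    return None

def silent_logins(entries, watched=("postgres",)):
    """Line numbers of entries that would answer the prompt for a watched role."""
    return [e[0] for e in entries if e[4] in ("*",) + tuple(watched)]
```

Run against the real file with `parse_pgpass(open(default_pgpass_path()).read())`; report line numbers rather than printing the password field.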

why when I log as a normal user it asks for a password and doesn't when I log as superuser?

it just doesn't seem safe at all.

The small but important detail that you're missing is that nobody but you (or your DBA Team) should be allowed anywhere near the database server and absolutely should not have the postgres account credentials. Without these, "logging in as postgres, with or without a password" simply won't be an option for them.

Remember: As the DBA, you'll have to clean up the "mess" that other people make, so always keep the biggest and best tools for yourself!







answered Dec 31 '18 at 11:52

Phill W.
