Обсуждение: Ident authentication failed
Hi,
I'm trying to configure miniflux and am struggling to figure out how to configure postgres for that purpose. (The miniflux instructions are very terse.) Regardless of whether I run the command as the postgres user or the miniflux user, I get similar errors. I am running Centos 7 using the updated scl version of postgres (9.6.10).
With the following, the postgres user "miniflux" along with the password are specified in /etc/miniflux.conf.
$ miniflux -c /etc/miniflux.conf -migrate
Current schema version: 0
Latest schema version: 26
Migrating to version: 1
[FATAL] [Migrate] pq: Ident authentication failed for user "miniflux"
I have no problems logging into postgres as the miniflux user using the same password specified in /etc/miniflux.conf.
Running the same command without specifying the configuration file uses the postgres user and also fails
$ miniflux -migrate
[INFO] The default value for DATABASE_URL is used
Current schema version: 0
Latest schema version: 26
Migrating to version: 1
[FATAL] [Migrate] pq: Ident authentication failed for user "postgres"
My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes
# TYPE DATABASE USER ADDRESS METHOD
local miniflux miniflux trust
local miniflux postgres trust
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
I'm at a complete loss.
Any suggestions?
Thanks,
Ted To
You're only allowing "trust" authentication, not "ident" authentication. On 3/26/20 2:29 PM, Ted To wrote: > > Hi, > > I'm trying to configure miniflux and am struggling to figure out how to > configure postgres for that purpose. (The miniflux instructions are very > terse.) Regardless of whether I run the command as the postgres user or > the miniflux user, I get similar errors. I am running Centos 7 using the > updated scl version of postgres (9.6.10). > > With the following, the postgres user "miniflux" along with the password > are specified in /etc/miniflux.conf. > > $ miniflux -c /etc/miniflux.conf -migrate > Current schema version: 0 > Latest schema version: 26 > Migrating to version: 1 > [FATAL] [Migrate] pq: Ident authentication failed for user "miniflux" > > I have no problems logging into postgres as the miniflux user using the > same password specified in /etc/miniflux.conf. > > Running the same command without specifying the configuration file uses > the postgres user and also fails > > $ miniflux -migrate > [INFO] The default value for DATABASE_URL is used > Current schema version: 0 > Latest schema version: 26 > Migrating to version: 1 > [FATAL] [Migrate] pq: Ident authentication failed for user "postgres" > > My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes > > # TYPE DATABASE USER ADDRESS METHOD > > local miniflux miniflux trust > local miniflux postgres trust > > # "local" is for Unix domain socket connections only > local all all peer > # IPv4 local connections: > host all all 127.0.0.1/32 trust > > I'm at a complete loss. > > Any suggestions? > > Thanks, > > Ted To > -- Angular momentum makes the world go 'round.
On 3/26/20 12:29 PM, Ted To wrote: > Hi, > > I'm trying to configure miniflux and am struggling to figure out how to > configure postgres for that purpose. (The miniflux instructions are > very terse.) Regardless of whether I run the command as the postgres > user or the miniflux user, I get similar errors. I am running Centos 7 > using the updated scl version of postgres (9.6.10). > > With the following, the postgres user "miniflux" along with the password > are specified in /etc/miniflux.conf. > > $ miniflux -c /etc/miniflux.conf -migrate > Current schema version: 0 > Latest schema version: 26 > Migrating to version: 1 > [FATAL] [Migrate] pq: Ident authentication failed for user "miniflux" > > I have no problems logging into postgres as the miniflux user using the > same password specified in /etc/miniflux.conf. > > Running the same command without specifying the configuration file uses > the postgres user and also fails > > $ miniflux -migrate > [INFO] The default value for DATABASE_URL is used > Current schema version: 0 > Latest schema version: 26 > Migrating to version: 1 > [FATAL] [Migrate] pq: Ident authentication failed for user "postgres" Can you show the entire connection string used by miniflux? Did you reload/restart the server after making the changes below? > > My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes > > # TYPE DATABASE USER ADDRESS METHOD > > local miniflux miniflux trust > local miniflux postgres trust > > # "local" is for Unix domain socket connections only > local all all peer > # IPv4 local connections: > host all all 127.0.0.1/32 trust > > I'm at a complete loss. > > Any suggestions? > > Thanks, > > Ted To > -- Adrian Klaver adrian.klaver@aklaver.com
Thank you -- I added two lines to the hba file to allow for ident authentication, restarted postgres and still the same errors.
You're only allowing "trust" authentication, not "ident" authentication.
On 3/26/20 2:29 PM, Ted To wrote:
Hi,
I'm trying to configure miniflux and am struggling to figure out how to configure postgres for that purpose. (The miniflux instructions are very terse.) Regardless of whether I run the command as the postgres user or the miniflux user, I get similar errors. I am running Centos 7 using the updated scl version of postgres (9.6.10).
With the following, the postgres user "miniflux" along with the password are specified in /etc/miniflux.conf.
$ miniflux -c /etc/miniflux.conf -migrate
Current schema version: 0
Latest schema version: 26
Migrating to version: 1
[FATAL] [Migrate] pq: Ident authentication failed for user "miniflux"
I have no problems logging into postgres as the miniflux user using the same password specified in /etc/miniflux.conf.
Running the same command without specifying the configuration file uses the postgres user and also fails
$ miniflux -migrate
[INFO] The default value for DATABASE_URL is used
Current schema version: 0
Latest schema version: 26
Migrating to version: 1
[FATAL] [Migrate] pq: Ident authentication failed for user "postgres"
My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes
# TYPE DATABASE USER ADDRESS METHOD
local miniflux miniflux trust
local miniflux postgres trust
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
I'm at a complete loss.
Any suggestions?
Thanks,
Ted To
Can you show the entire connection string used by miniflux?The miniflux command is binary so, no, not easily.
Yes.
Did you reload/restart the server after making the changes below?
My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes
# TYPE DATABASE USER ADDRESS METHOD
local miniflux miniflux trust
local miniflux postgres trust
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
I'm at a complete loss.
Any suggestions?
Thanks,
Ted To
On 3/26/20 12:40 PM, Ted To wrote: > Thank you -- I added two lines to the hba file to allow for ident > authentication, restarted postgres and still the same errors. Without knowing how the client is trying to connect to the server this issue will be difficult to solve. > > On 3/26/20 3:35 PM, Ron wrote: >> You're only allowing "trust" authentication, not "ident" authentication. >> >> On 3/26/20 2:29 PM, Ted To wrote: >>> >>> Hi, >>> >>> I'm trying to configure miniflux and am struggling to figure out how >>> to configure postgres for that purpose. (The miniflux instructions >>> are very terse.) Regardless of whether I run the command as the >>> postgres user or the miniflux user, I get similar errors. I am >>> running Centos 7 using the updated scl version of postgres (9.6.10). >>> >>> With the following, the postgres user "miniflux" along with the >>> password are specified in /etc/miniflux.conf. >>> >>> $ miniflux -c /etc/miniflux.conf -migrate >>> Current schema version: 0 >>> Latest schema version: 26 >>> Migrating to version: 1 >>> [FATAL] [Migrate] pq: Ident authentication failed for user "miniflux" >>> >>> I have no problems logging into postgres as the miniflux user using >>> the same password specified in /etc/miniflux.conf. >>> >>> Running the same command without specifying the configuration file >>> uses the postgres user and also fails >>> >>> $ miniflux -migrate >>> [INFO] The default value for DATABASE_URL is used >>> Current schema version: 0 >>> Latest schema version: 26 >>> Migrating to version: 1 >>> [FATAL] [Migrate] pq: Ident authentication failed for user "postgres" >>> >>> My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes >>> >>> # TYPE DATABASE USER ADDRESS METHOD >>> >>> local miniflux miniflux trust >>> local miniflux postgres trust >>> >>> # "local" is for Unix domain socket connections only >>> local all all peer >>> # IPv4 local connections: >>> host all all 127.0.0.1/32 trust >>> >>> I'm at a complete loss. >>> >>> Any suggestions? >>> >>> Thanks, >>> >>> Ted To >>> >> -- Adrian Klaver adrian.klaver@aklaver.com
On Mar 26, 2020, at 1:43 PM, Ted To <ted@theo.to> wrote:
On 3/26/20 3:35 PM, Adrian Klaver wrote:Can you show the entire connection string used by miniflux?The miniflux command is binary so, no, not easily.Yes.
Did you reload/restart the server after making the changes below?
On 3/26/20 12:40 PM, Ted To wrote: > Thank you -- I added two lines to the hba file to allow for ident > authentication, restarted postgres and still the same errors. Alright from here: https://miniflux.app/docs/configuration.html The Golang Postgres client pq is being used and: "The default value for DATABASE_URL is user=postgres password=postgres dbname=miniflux2 sslmode=disable." From here: https://godoc.org/github.com/lib/pq#hdr-Connection_String_Parameters "host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)" So unless you have specified a host in the conf file you need to be paying attention to the lines in pg_hba.conf that start with host. Where the two lines you added above for host? You can check what is happening on the server end by looking in the Postgres logs. That will also show you the connection string. Do you have more then one instance of Postgres on the machine? > > On 3/26/20 3:35 PM, Ron wrote: >> You're only allowing "trust" authentication, not "ident" authentication. >> >> On 3/26/20 2:29 PM, Ted To wrote: >>> >>> Hi, >>> >>> I'm trying to configure miniflux and am struggling to figure out how >>> to configure postgres for that purpose. (The miniflux instructions >>> are very terse.) Regardless of whether I run the command as the >>> postgres user or the miniflux user, I get similar errors. I am >>> running Centos 7 using the updated scl version of postgres (9.6.10). >>> >>> With the following, the postgres user "miniflux" along with the >>> password are specified in /etc/miniflux.conf. >>> >>> $ miniflux -c /etc/miniflux.conf -migrate >>> Current schema version: 0 >>> Latest schema version: 26 >>> Migrating to version: 1 >>> [FATAL] [Migrate] pq: Ident authentication failed for user "miniflux" >>> >>> I have no problems logging into postgres as the miniflux user using >>> the same password specified in /etc/miniflux.conf. >>> >>> Running the same command without specifying the configuration file >>> uses the postgres user and also fails >>> >>> $ miniflux -migrate >>> [INFO] The default value for DATABASE_URL is used >>> Current schema version: 0 >>> Latest schema version: 26 >>> Migrating to version: 1 >>> [FATAL] [Migrate] pq: Ident authentication failed for user "postgres" >>> >>> My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes >>> >>> # TYPE DATABASE USER ADDRESS METHOD >>> >>> local miniflux miniflux trust >>> local miniflux postgres trust >>> >>> # "local" is for Unix domain socket connections only >>> local all all peer >>> # IPv4 local connections: >>> host all all 127.0.0.1/32 trust >>> >>> I'm at a complete loss. >>> >>> Any suggestions? >>> >>> Thanks, >>> >>> Ted To >>> >> -- Adrian Klaver adrian.klaver@aklaver.com
## Ted To (ted@theo.to): > Thank you -- I added two lines to the hba file to allow for ident > authentication, restarted postgres and still the same errors. You probably don't want "ident" authentication - that's the thing with "identd" (see RfC 1413), which even 20 years ago was only used in connection with IRC, but not really for "authentication". You'd rather want "scram-sha-256" as the authentication method (hoping that whatever-go-uses can do that - come on, we got that in version 10), or (if that's not possible) "md5". See https://www.postgresql.org/docs/12/auth-methods.html and https://www.postgresql.org/docs/12/auth-pg-hba-conf.html . Note that "password_encryption" has to match that authentication method from pg_hba.conf, that's described in https://www.postgresql.org/docs/12/auth-password.html . Regards, Christoph -- Spare Space
Thanks for the many responses I've gotten! What a useful and welcoming community!
I finally managed to get it configured following: https://github.com/miniflux/miniflux/issues/80#issuecomment-375996546
On 3/26/20 12:40 PM, Ted To wrote:Thank you -- I added two lines to the hba file to allow for ident authentication, restarted postgres and still the same errors.
Alright from here:
https://miniflux.app/docs/configuration.html
The Golang Postgres client pq is being used and:
"The default value for DATABASE_URL is user=postgres password=postgres dbname=miniflux2 sslmode=disable."
From here:
https://godoc.org/github.com/lib/pq#hdr-Connection_String_Parameters
"host - The host to connect to. Values that start with / are for unix
domain sockets. (default is localhost)"
So unless you have specified a host in the conf file you need to be paying attention to the lines in pg_hba.conf that start with host.
Where the two lines you added above for host?
You can check what is happening on the server end by looking in the Postgres logs. That will also show you the connection string.
Do you have more then one instance of Postgres on the machine?
On 3/26/20 3:35 PM, Ron wrote:You're only allowing "trust" authentication, not "ident" authentication.
On 3/26/20 2:29 PM, Ted To wrote:
Hi,
I'm trying to configure miniflux and am struggling to figure out how to configure postgres for that purpose. (The miniflux instructions are very terse.) Regardless of whether I run the command as the postgres user or the miniflux user, I get similar errors. I am running Centos 7 using the updated scl version of postgres (9.6.10).
With the following, the postgres user "miniflux" along with the password are specified in /etc/miniflux.conf.
$ miniflux -c /etc/miniflux.conf -migrate
Current schema version: 0
Latest schema version: 26
Migrating to version: 1
[FATAL] [Migrate] pq: Ident authentication failed for user "miniflux"
I have no problems logging into postgres as the miniflux user using the same password specified in /etc/miniflux.conf.
Running the same command without specifying the configuration file uses the postgres user and also fails
$ miniflux -migrate
[INFO] The default value for DATABASE_URL is used
Current schema version: 0
Latest schema version: 26
Migrating to version: 1
[FATAL] [Migrate] pq: Ident authentication failed for user "postgres"
My /var/opt/rh/rh-postgresql96/lib/pgsql/data/pg_hba.conf file includes
# TYPE DATABASE USER ADDRESS METHOD
local miniflux miniflux trust
local miniflux postgres trust
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
I'm at a complete loss.
Any suggestions?
Thanks,
Ted To
On 2020-03-26 21:33:51 +0100, Christoph Moench-Tegeder wrote: > ## Ted To (ted@theo.to): > > Thank you -- I added two lines to the hba file to allow for ident > > authentication, restarted postgres and still the same errors. > > You probably don't want "ident" authentication - that's the thing > with "identd" (see RfC 1413), Depends on the type of socket. For unix sockets it's the same as peer authentication. > which even 20 years ago was only used in connection with IRC, but not > really for "authentication". I don't think there are any linux distributions which install identd by default any more, so it wouldn't work anyway. > You'd rather want "scram-sha-256" as the authentication method (hoping > that whatever-go-uses can do that - come on, we got that in version 10), > or (if that's not possible) "md5". Actually, for local connections I prefer "peer". I'm already authenticated by the OS, no need for a (second) password. I should add that you shouldn't use "trust" unless * no connection from other hosts is allowed, and * all users on this host should have full access anyway. This is rarely the case. hp -- _ | Peter J. Holzer | Story must make more sense than reality. |_|_) | | | | | hjp@hjp.at | -- Charles Stross, "Creative writing __/ | http://www.hjp.at/ | challenge!"