Question posted in 
I just create a user and new database on my local machine.
sudo su - postgres -c "createuser gauthier"
sudo su - postgres -c "createdb local-ag-db"
Then:
$ sudo -u postgres psql
sudo -u postgres psql
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.
postgres=# grant all privileges on database "local-ag-db" to gauthier;
GRANT
I can access the database locally through a socket:
$ psql local-ag-db gauthier
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.
local-ag-db=> conninfo
You are connected to database "local-ag-db" as user "gauthier" via socket in "/var/run/postgresql" at port "5432".
But I cannot access it through localhost:
$ psql -d local-ag-db -h localhost -U gauthier
Password for user gauthier:
psql: fe_sendauth: no password supplied
My guess is that while createuser accepted to create a user without a password, logging in through the host requires identification that this user cannot provide.
This is the default content of /etc/postgresql/11/main/pg_hba.conf:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
I have tried adding this at the end of that file, after reading the included documentation:
host local-ag-db gauthier samehost peer
but that did not work (after a restart sudo /etc/init.d/postgresql restart), it even broke my Unix socket access:
$ psql local-ag-db gauthier
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
I also tried this as last row of my config, with the same result:
host local-ag-db gauthier 127.0.0.1/32 peer
My questions:
- how do I allow my local user to access the database through localhost?
- how do I edit my conf file so that I don’t break everything? (Unix socket method stops working when I add a rule)
On Debian.
2
Answers
You will need to add a line like:
As you have no explicit rule currently it is dropping through to another catch all rule and prompting for authentication. Adrian’s comment above is saying the same and likewise I don’t suggest using trust outside of testing your connectivity – you really should assign a password and enforce it.
Adding entries to the pg_hba.conf needs care as the PostgreSQL will find the first match:
From https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
Regarding
Looks like the restart may not have worked. Looks like no response rather than authentication failure.
Your server is not running. It never came back up when you tried to restart it, because you broke your hba. If you look in the log file, you should something like:
Unbreak your pg_hba.conf and start the server again. Also, read your log files when you don’t know what’s going on. That is what they are there for.
You will need to choose a different method for authentication over localhost.
identis equivalent topeer, but it requires you to run the identd daemon on the server, and is not very secure for any addresses other than loopback ones.