Postgres error message: FATAL: Ident authentication failed for user "..."

linux authentication postgresql

Say you're seeing this message:

FATAL:  Ident authentication failed for user "..."

What are the causes of this error message?


Solution 1:

It means that Postgres is trying to authenticate a user using the Ident protocol, and can't. Ident auth automatically matches Unix usernames with Postgres usernames. It works like this:

  • You have database role 'foo' on database 'db'
  • Your pg_hba.conf file (in /etc/postgres-something/main) defines 'Ident' as the protocol to connect to database db for users connecting from certain hosts
  • The unix username making the connection is 'foo'
  • An Ident server running on the machine the user is connecting from confirms that their username really is 'foo'

Possible causes and solutions:

  1. There is no Ident server running on the machine you're trying to connect from. Test this by trying to connect to it on port 113. If that fails, install an Ident server (eg, sudo apt-get install oidentd).

  2. There's an Ident server, but there's no database role matching the name you're trying to connect with ('foo' in the above example). So create it by connecting somehow to the database with superuser rights and do CREATE ROLE foo. Alternatively add an entry to /etc/postgresql/.../main/pg_ident.conf (or /var/lib/pgsql/12/data or wherever).

  3. Maybe the shell username doesn't match the database role. You may be able to test this by connecting to the Ident server while a connection is going on, and passing the right port numbers.

  4. Maybe you actually want to connect with a password, not Ident. Edit the pg_hba.conf file appropriately. For example, change:

    host all all 127.0.0.1/32 ident

to

    host all all 127.0.0.1/32 md5

Be sure to restart Postgres after updating the pg_hba.conf file. You do that by issuing the following command:

    sudo service postgresql-12 restart

Solution 2:

Not sure about the causes, but this fixed it for me:

in pg_hba.conf

change to this:

host all all 127.0.0.1/32 md5

Exact error: Caused by: org.postgresql.util.PSQLException: FATAL: Ident authentication failed for user "postgres"

Solution 3:

On CentOS, add the following line to /var/lib/pgsql/9.3/data/pg_hba.conf:

host all all 127.0.0.1/32 trust

And comment out the other entries.

Of course, this setting is not secure, but if you're just messing about on a development VM like me then it's probably fine...

Solution 4:

For Centos 7, Change pg_hba.conf to below:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
#host    all             all             127.0.0.1/32            ident
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
#host    all             all             ::1/128                 ident
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            ident
#host    replication     all             ::1/128                 ident

Related

SQL Server (2005/2008): Does full backup truncate the log in full recovery mode
AWS ELB Apache2 503 Service Unavailable: Back-end server is at capacity
Could "jibe with" imply something racist? [closed]
What's the correct use of a comma when thanking someone?
Is there a symbol for the word "as"?
Origin of "I see, said the blind man, as he waved his wooden leg"
Is the last word an adjective or the past participle of a verb in "The student looked at him, perplexed."?
Losing power in the UK vs US: what's more common?
What's the difference between "percent of" and "percentage of"?
When to use "cross-functional" or "cross-functionally"? [closed]
What is the opposite of "acquired taste"?
Word that sounds similar to "extensibly"