I’m getting the error:
FATAL: Peer authentication failed for user "postgres"
when I try to make postgres work with Rails.
Here’s my pg_hba.conf
, my database.yml
, and a dump of the full trace.
I changed authentication to md5 in pg_hba and tried different things, but none seem to work.
I also tried creating a new user and database as per Rails 3.2, FATAL: Peer authentication failed for user (PG::Error)
But they don’t show up on pgadmin or even when I run sudo -u postgres psql -l
.
Any idea where I’m going wrong?
25 s
The problem is still your pg_hba.conf
file*.
This line:
local all postgres peer
Should be:
local all postgres md5
After altering this file, don’t forget to restart your PostgreSQL server. If you’re on Linux, that would be sudo service postgresql restart
.
Locating hba.conf
Note that the location of this file isn’t very consistent.
You can use locate pg_hba.conf
or ask PostgreSQL SHOW hba_file;
to discover the file location.
Usual locations are /etc/postgresql/[version]/main/pg_hba.conf
and /var/lib/pgsql/data/pg_hba.conf
.
These are brief descriptions of the peer
vs md5
options according to the official PostgreSQL docs on authentication methods.
Peer authentication
The peer authentication method works by obtaining the client’s
operating system user name from the kernel and using it as the allowed
database user name (with optional user name mapping). This method is
only supported on local connections.
Password authentication
The password-based authentication methods are md5 and password. These
methods operate similarly except for the way that the password is sent
across the connection, namely MD5-hashed and clear-text respectively.If you are at all concerned about password “sniffing” attacks then md5
is preferred. Plain password should always be avoided if possible.
However, md5 cannot be used with the db_user_namespace feature. If the
connection is protected by SSL encryption then password can be used
safely (though SSL certificate authentication might be a better choice
if one is depending on using SSL).