44

Say you're seeing this message:

FATAL:  Ident authentication failed for user "..."

What are the causes of this error message?

Cristian Ciupitu
  • 6,226
  • 2
  • 41
  • 55
Steve Bennett
  • 5,539
  • 12
  • 45
  • 57

6 Answers6

60

It means that Postgres is trying to authenticate a user using the Ident protocol, and can't. Ident auth automatically matches Unix usernames with Postgres usernames. It works like this:

  • You have database role 'foo' on database 'db'
  • Your pg_hba.conf file (in /etc/postgres-something/main) defines 'Ident' as the protocol to connect to database db for users connecting from certain hosts
  • The unix username making the connection is 'foo'
  • An Ident server running on the machine the user is connecting from confirms that their username really is 'foo'

Possible causes and solutions:

  1. There is no Ident server running on the machine you're trying to connect from. Test this by trying to connect to it on port 113. If that fails, install an Ident server (eg, sudo apt-get install oidentd).

  2. There's an Ident server, but there's no database role matching the name you're trying to connect with ('foo' in the above example). So create it by connecting somehow to the database with superuser rights and do CREATE ROLE foo. Alternatively add an entry to /etc/postgresql/.../main/pg_ident.conf (or /var/lib/pgsql/12/data or wherever).

  3. Maybe the shell username doesn't match the database role. You may be able to test this by connecting to the Ident server while a connection is going on, and passing the right port numbers.

  4. Maybe you actually want to connect with a password, not Ident. Edit the pg_hba.conf file appropriately. For example, change:

    host all all 127.0.0.1/32 ident

to

    host all all 127.0.0.1/32 md5

Be sure to restart Postgres after updating the pg_hba.conf file. You do that by issuing the following command:

    sudo service postgresql-12 restart
Steve Bennett
  • 5,539
  • 12
  • 45
  • 57
  • 7
    For fedora, the file is in `/var/lib/psql/data` – Anwar Jul 20 '17 at 14:55
  • I don't suppose anyone would care to answer why postgres uses 'ident' as the default login? – icc97 Dec 17 '17 at 18:59
  • Because that made sense 20 years ago and nothing ever changes in *nix? :) – Steve Bennett Dec 18 '17 at 03:27
  • @icc97, nothing in this answer indicates that "ident" is the default login for Postgres; where did you get that idea? So far as I know the default superuser role name in a Postgres cluster is "postgres". – Wildcard Sep 20 '19 at 23:53
  • 1
    A useful thing to check is which `pg_hba.conf` file is being used. For me (Fedora 31), it was in `/var/lib/pgsql/12/data/pg_hba.conf`. Running `show hba_file;` in `psql` got me to the correct file – Kellen Feb 02 '20 at 19:58
  • Thank you! On Fedora 35 Step 4 did it for me. Restart command at the end is now `sudo service postgresql restart` – Niko Dunk Dec 30 '21 at 06:58
  • Idk why, but also changing the `host replication all 127.0.0.1/32 md5` didnt worked for me, I had to change `host replication all ::1/128 md5` this line also – Aditya Yadav Jul 26 '22 at 15:08
9

Not sure about the causes, but this fixed it for me:

in pg_hba.conf

change to this:

host all all 127.0.0.1/32 md5

Exact error: Caused by: org.postgresql.util.PSQLException: FATAL: Ident authentication failed for user "postgres"

jacktrades
  • 612
  • 3
  • 8
  • 15
4

On CentOS, add the following line to /var/lib/pgsql/9.3/data/pg_hba.conf:

host all all 127.0.0.1/32 trust

And comment out the other entries.

Of course, this setting is not secure, but if you're just messing about on a development VM like me then it's probably fine...

XåpplI'-I0llwlg'I -
  • 271
  • 1
  • 2
  • 7
2

For Centos 7, Change pg_hba.conf to below:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
#host    all             all             127.0.0.1/32            ident
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
#host    all             all             ::1/128                 ident
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     all                                     peer
#host    replication     all             127.0.0.1/32            ident
#host    replication     all             ::1/128                 ident
Demur Rumed
  • 103
  • 3
KulJeet
  • 21
  • 1
1

Try to use -h 127.0.0.1 instead of -h localhost

despotbg
  • 111
  • 2
0

If you have not tried this already, review your pg_hba.conf file. It will be named something like /var/lib/pgsql/9.3/data/pg_hba.conf (Fedora 20); you may have to use 'find / -name pg_hba.conf' to locate it.

At the bottom of the file, change the 'METHOD' values to 'trust' for local testing (see postgres docs for full information). Reboot the machine to ensure everything is started clean and the new params are read.

Hopefully this will cure your woes. It solved my problems on Fedora 20 with PostgreSQL 9.3.

Alan Thompson
  • 101
  • 2
  • 2
    It's not necessary to reboot your entire machine when altering the PostgreSQL configs. Instead, try using `pg_ctl reload` from the console, or `SELECT pg_reload_conf();` when executing SQL as a privileged user. – benjwadams Oct 31 '14 at 19:53