468,170 Members | 2,168 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,170 developers. It's quick & easy.

pgsql user account in pgadmin doesn't need password

I just installed postgresql 7.4.5 and pgadmin3 1.0.2 on FreeBSD and noticed
that pgadmin allows the pgsql user to log in while ignoring the password.
You can enter a wrong password or no password and still get into postgresql.

I started the postmaster as a FreeBSD user named pgsql by running
postmaster -i -D /usr/local/pgsql/data
I changed postgresql's pgsql user account to have a new password via
pgadmin3 too. But I can still log in to pgadmon3 using any or no password.

Any help would be appreciated!
Nov 23 '05 #1
1 6899
I guess you run pgadmin locally, don't you?

This is because of "trust" permission for local users in your ph_hba.conf
What I normally do, I change the local socket mask to 770 and its group
to something like pgsql in postgresql.conf. So that it is impossible to
connect to it unless you
belong to that special group. The other lines in pg_hba.conf require md5
authentication via the network or localhost. But not through a local socket.

Basically pgsql seems to need a local trust access in order to start the
server.

All the above applies to earlier versions of postgres. I would expect that
your
release already has the "ident" modifier for "trust" in pg_hba.conf and it
should prevent pretending the other localusers to be a pgsql.

But I, personally still keep changing local socket permission for all my
installations,
just in case.

"John French" <hi********@yahoo.com> wrote in message
news:RS******************@bignews6.bellsouth.net.. .
I just installed postgresql 7.4.5 and pgadmin3 1.0.2 on FreeBSD and noticed
that pgadmin allows the pgsql user to log in while ignoring the password.
You can enter a wrong password or no password and still get into
postgresql.

I started the postmaster as a FreeBSD user named pgsql by running
postmaster -i -D /usr/local/pgsql/data
I changed postgresql's pgsql user account to have a new password via
pgadmin3 too. But I can still log in to pgadmon3 using any or no
password.

Any help would be appreciated!

Nov 23 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

15 posts views Thread by Joshua Beall | last post: by
13 posts views Thread by Erick Papadakis | last post: by
4 posts views Thread by - Steve - | last post: by
7 posts views Thread by John.NET | last post: by
9 posts views Thread by webrod | last post: by
4 posts views Thread by =?Utf-8?B?QXZhRGV2?= | last post: by
1 post views Thread by gcdp | last post: by
reply views Thread by kamranasdasdas | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.