≡ Menu

psql: FATAL: Ident authentication failed for user "username" Error and Solution

Q. I've installed Postgresql under Red Hat Enterprise Linux 5.x server. I've created username / password and database. But when I try to connect it via PHP or psql using following syntax:

psql -d myDb -U username -W

It gives me an error that read as follows:

psql: FATAL: Ident authentication failed for user "username"

How do I fix this error?

A. To fix this error open PostgreSQL client authentication configuration file /var/lib/pgsql/data/pg_hba.conf :
# vi /var/lib/pgsql/data/pg_hba.conf
This file controls:

  1. Which hosts are allowed to connect
  2. How clients are authenticated
  3. Which PostgreSQL user names they can use
  4. Which databases they can access

By default Postgresql uses IDENT-based authentication. All you have to do is allow username and password based authentication for your network or webserver. IDENT will never allow you to login via -U and -W options. Append following to allow login via localhost only:

local	all	all	trust
host	all	trust

Save and close the file. Restart Postgresql server:
# service postgresql restart
Now, you should able to login using following command:
$ psql -d myDb -U username -W

{ 36 comments… add one }

  • andrew toth January 22, 2009, 9:36 pm

    I did the modifications, and get an error message (pg version 8.3):
    psql: FATAL: missing or erroneous pg_hba.conf file
    HINT: See server log for details.

  • himanshu March 1, 2009, 12:18 pm

    Hi, its very urgent.
    I m continuously getting below error, while running JSP file in jakarta-tomcat.
    PSQLException: FATAL: Ident authentication failed for user “root”

    I am trying to connect to a database ‘bedrock’. I am able to login & see the DB by ‘psql -d bedrock -U root’ from cmd-prompt. But the same does not happen from JSP file. Why is it so?? Please help me, its been 5 days struggling like mads……….

  • Camitux March 4, 2009, 3:04 am


  • Wladek April 22, 2009, 7:50 pm

    Hi, I have the same problem. I’ve created a program in perl, which contains connector to database DBI, and driver DBD::Pg. But I have still the same answer Fatal: Ident Authetification failed for user postgres…
    this is the connector:
    my $dbh = DBI->connect(“DBI:Pg:dbname=test;host=localhost”, “postgres”, “”, {‘RaiseError’ => 1});

    please help…

  • Anibal Leite August 31, 2009, 3:55 pm

    Tank you!

  • Saeed November 16, 2009, 8:05 am

    Thank You! saved me once :-)

  • kangu February 5, 2010, 4:49 pm

    Thanks saved one life here!

  • lamachine April 2, 2010, 10:09 pm

    @Vivek Gite
    Your description is causing an error:
    FATAL: missing or erroneous pg_hba.conf file
    this is coming from missing column:
    host all trust
    Here is what the working line looks like
    host all all trust

  • aaxc June 8, 2010, 6:28 am

    hmm… this is not working for me … any other ideas?

  • felicia June 25, 2010, 7:36 pm

    trust means to allow with no password. The command in the example will prompt for a password, but hitting enter will get you right in. You might want to use “password” instead of “trust.” See http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html.

    • ciotog November 11, 2011, 1:35 pm

      Felicia is exactly right, following this article is a potential security risk for your database. Use with caution!

  • Anand September 15, 2010, 8:42 am

    Thanks, its worked for me. Saved my time.

  • Anthalamus September 17, 2010, 2:55 pm

    worked like a charm thanks!

  • Rod McLaughlin December 22, 2010, 11:58 pm

    I found the file at /etc/postgresql/8.4/main/pg_hba.conf
    I had to comment out most of the lines:
    # local all all ident
    # host all all md5
    # host all all ::1/128 md5
    and add:
    local all all trust
    host all all trust
    at the bottom of pg_hba.conf

    sudo su – postgres
    service postgresql restart
    then I could do stuff (Rails 3 with RSpec)

  • paul January 1, 2011, 11:58 am

    I’m using postgresql version 8.4.5. I dont have /var/lib/pgsql/data/pg_hba.conf file. where is file located in this version?

    • Ramanathan January 6, 2011, 3:26 pm

      Hi Paul,

      If you had installed pgsql using *.bin file. it will be installed in /opt/Postgres/* by default. I think this file will be in /opt/P***/8.4/data/. Better you find this file uinsg “find ./ -name pg_hba.conf” in installed location.

      thanks Ramanathan

    • Rossg April 13, 2011, 12:42 am

      If you are on Ubuntu it will be /etc/postgres/8.4/main/pg_dba.conf

  • milo April 19, 2011, 7:24 am

    i’ve solved this problem by adding the following line :

    local all user md5


    local all all ident sameuser

    in my pg_hba.conf. I think it’s more elegant and secure solution.

  • umpirsky May 25, 2011, 6:49 pm

    Make sure to put in password instead trusted, and check top line, it usually have separate line for default user. Check config twice!

  • Nathan June 14, 2011, 4:31 am

    Why restart the service and kick everyone out? Just reload the config file via:

    pg_ctl reload

  • Chris February 14, 2012, 2:12 pm

    This is what I had to do to fix mine, although I’m using Windows. When I attempted to use Cmd it would just give me the same error. Spent many hours attempting to fix that and finally I found that I had to create a user and database using a GUI on my server that had the same username and a password as it was asking for. Don’t know if that’ll help anyone, but that did the trick for me. =)
    My pg_hba are the defaults:
    Host all all md5
    Host all all ::1/128 md5

    • punitha March 11, 2014, 1:43 pm

      hey chris,I am currently in that situation..
      how do i find if i have got the gui installed along with postgresql8.2?

  • Chris February 21, 2012, 1:08 pm

    Thanks Rod McLaughlin, your script worked for me. Vivek, could you please fix your post? Your config is completely broken for PG 8.4 and above.

  • Dipak Chaudhari June 18, 2012, 9:24 am

    Thanks a ton !

  • Valéry Stroeder August 30, 2012, 11:11 am

    Thanks for the pretty explained post!

  • Geetchandra March 14, 2013, 9:23 am

    Thanks you so much……….password authentication just bypass

  • unbekannt March 23, 2013, 9:53 am

    What can I do, if I see this? (I couldn’t restart the server)

    CET LOG: local connections are not supported by this build
    CET CONTEXT: line 88 of configuration file “D:/pgdata/pg_hba.conf”
    CET FATAL: could not load pg_hba.conf

    In pg_hba.conf added:
    local all all all trust
    host all all trust

  • Milu March 26, 2013, 4:30 pm

    This TRUST mechanism can be used on a per-database basis. For example,
    local somedatabase someuser trust

    On IPv6 enabled hosts, you also must set a TRUST method for localhost too.
    I did it using :
    # IPv6 local connections:
    host somedatabase someuser ::1/128 trust
    host all all ::1/128 ident

  • Wildan Muhlis April 28, 2013, 1:19 pm

    Great!! thanks :)

  • Peter June 22, 2013, 5:29 pm

    It has already been said, but again don’t set it to “trust”… that means you get in without a password. md5 and password auth are not much better, but surely don’t use trust.

    Dear author, please fix that. Thanks.

  • Arthur F. Miller August 2, 2013, 4:08 pm

    From the path of your pg_hba.conf file, which is apparently
    ‘D:\pgdata\pg_hba.conf’, you are running in some version of windows.
    the ‘local’ at the beginning of the pg_hba.conf lines refers to the type of connection.
    ‘local’ basically means ‘a unix socket’ — ( unix/linux: man 2 socket; man 7 unix )
    Since you are in windows, you have to connect via a TCP/IP socket.
    You already have the following line.

    host all all trust

    You should just comment out the line that says

    local all all all trust

    because I dont believe that you can use Unix sockets in Postgres for Windows.
    Also, as said before, you should preferably change all the ‘trust’ keywords to ‘md5’ as stated earlier. You should try not to use ‘password’ because the passwords are sent in cleartext. I know the md5 algo is weak compared to sha-2, or sha-3, but ‘md5’ is still better than ‘password’. Also, a more complicated but more flexible setup would be to use LDAP or Kerberos/GSSAPI via the ‘ldap’ or ‘gss’ keywords respectively.
    as far as the ‘host’ at the beginning of the line, if you are connecting to your own machine (, ::1, localhost), then host is fine, if you are connecting to a remote machine, you should consider setting up SSL certificates for your postgres server. Then you would change the ‘host’ to ‘hostssl’ like the following:

    #type      database      username        address                     auth_method
    hostssl        all                  all            md5

    you would change the ip address under ‘address’ to whatever address, or addresses, that your clients would connect from.
    Hope this helps anyone. :)

  • Arthur F. Miller August 2, 2013, 4:13 pm

    Follow up to my last comment:
    with psql you would need to use the ‘-h’ option to tell psql which host to connect to.
    if it is your own machine, the localhost, it would be as follows:
    psql -h localhost -U your_user_name -d database_name

  • Hugh Jass November 24, 2013, 5:17 pm

    I’m using postresql 9.2.4 on openSuse 13.1 Linux. I received authentication errors, as above. The postgresql.log reported:

    “could not connect to Ident server at address “::1″, port 113 connection refused…”

    See RFC 1413. The IPv6 local connections section of pg_hba.conf was edited as follows:
    “host all all ::1/128 trust”

    This allowed me to connect but is probably not the most secure. Hope this helps.

  • Simo May 6, 2014, 9:05 am

    Thnxs a lot.. It Worked 4 me

  • Sreenath October 11, 2014, 6:35 am

    Felt lot of head-ache untill i come to see this. Thanks a lot. I wish i had seen this 2days before. Thankyou once again.

  • Olga Maciaszek-Sharma December 15, 2014, 2:08 pm

    If changes in the /etc/hba.conf file don’t work for you, you might try switching to root and changing:

    This has worked for me.

Leave a Comment

   Tagged with: , , , , , , , ,