psql: FATAL: Ident authentication failed for user "username" Error and Solution

by on August 19, 2008 · 34 comments· LAST UPDATED August 19, 2008

in , ,

Q. I've installed Postgresql under Red Hat Enterprise Linux 5.x server. I've created username / password and database. But when I try to connect it via PHP or psql using following syntax:

psql -d myDb -U username -W

It gives me an error that read as follows:

psql: FATAL: Ident authentication failed for user "username"

How do I fix this error?

A. To fix this error open PostgreSQL client authentication configuration file /var/lib/pgsql/data/pg_hba.conf :
# vi /var/lib/pgsql/data/pg_hba.conf
This file controls:

  1. Which hosts are allowed to connect
  2. How clients are authenticated
  3. Which PostgreSQL user names they can use
  4. Which databases they can access

By default Postgresql uses IDENT-based authentication. All you have to do is allow username and password based authentication for your network or webserver. IDENT will never allow you to login via -U and -W options. Append following to allow login via localhost only:

local	all	all	trust
host	all	127.0.0.1/32	trust

Save and close the file. Restart Postgresql server:
# service postgresql restart
Now, you should able to login using following command:
$ psql -d myDb -U username -W

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 34 comments… read them below or add one }

1 andrew toth January 22, 2009 at 9:36 pm

I did the modifications, and get an error message (pg version 8.3):
psql: FATAL: missing or erroneous pg_hba.conf file
HINT: See server log for details.

Reply

2 himanshu March 1, 2009 at 12:18 pm

Hi, its very urgent.
I m continuously getting below error, while running JSP file in jakarta-tomcat.
PSQLException: FATAL: Ident authentication failed for user “root”

I am trying to connect to a database ‘bedrock’. I am able to login & see the DB by ‘psql -d bedrock -U root’ from cmd-prompt. But the same does not happen from JSP file. Why is it so?? Please help me, its been 5 days struggling like mads……….

Reply

3 Camitux March 4, 2009 at 3:04 am

Hey
Tanks

Reply

4 Wladek April 22, 2009 at 7:50 pm

Hi, I have the same problem. I’ve created a program in perl, which contains connector to database DBI, and driver DBD::Pg. But I have still the same answer Fatal: Ident Authetification failed for user postgres…
this is the connector:
my $dbh = DBI->connect(“DBI:Pg:dbname=test;host=localhost”, “postgres”, “”, {‘RaiseError’ => 1});

please help…

Reply

5 Anibal Leite August 31, 2009 at 3:55 pm

Tank you!

Reply

6 Saeed November 16, 2009 at 8:05 am

Thank You! saved me once :-)

Reply

7 kangu February 5, 2010 at 4:49 pm

Thanks saved one life here!

Reply

8 lamachine April 2, 2010 at 10:09 pm

@Vivek Gite
Your description is causing an error:
FATAL: missing or erroneous pg_hba.conf file
this is coming from missing column:
host all 127.0.0.1/32 trust
Here is what the working line looks like
host all all 127.0.0.1/32 trust

Reply

9 aaxc June 8, 2010 at 6:28 am

hmm… this is not working for me … any other ideas?

Reply

10 felicia June 25, 2010 at 7:36 pm

trust means to allow with no password. The command in the example will prompt for a password, but hitting enter will get you right in. You might want to use “password” instead of “trust.” See http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html.

Reply

11 ciotog November 11, 2011 at 1:35 pm

Felicia is exactly right, following this article is a potential security risk for your database. Use with caution!

Reply

12 Anand September 15, 2010 at 8:42 am

Thanks, its worked for me. Saved my time.

Reply

13 Anthalamus September 17, 2010 at 2:55 pm

worked like a charm thanks!

Reply

14 Rod McLaughlin December 22, 2010 at 11:58 pm

I found the file at /etc/postgresql/8.4/main/pg_hba.conf
I had to comment out most of the lines:
# local all all ident
# host all all 127.0.0.1/32 md5
# host all all ::1/128 md5
and add:
local all all trust
host all all 127.0.0.1/32 trust
at the bottom of pg_hba.conf

save,
sudo su – postgres
service postgresql restart
then I could do stuff (Rails 3 with RSpec)

Reply

15 paul January 1, 2011 at 11:58 am

I’m using postgresql version 8.4.5. I dont have /var/lib/pgsql/data/pg_hba.conf file. where is file located in this version?

Reply

16 Ramanathan January 6, 2011 at 3:26 pm

Hi Paul,

If you had installed pgsql using *.bin file. it will be installed in /opt/Postgres/* by default. I think this file will be in /opt/P***/8.4/data/. Better you find this file uinsg “find ./ -name pg_hba.conf” in installed location.

thanks Ramanathan

Reply

17 Rossg April 13, 2011 at 12:42 am

If you are on Ubuntu it will be /etc/postgres/8.4/main/pg_dba.conf

Reply

18 milo April 19, 2011 at 7:24 am

i’ve solved this problem by adding the following line :

local all user md5

before:

local all all ident sameuser

in my pg_hba.conf. I think it’s more elegant and secure solution.

Reply

19 umpirsky May 25, 2011 at 6:49 pm

Make sure to put in password instead trusted, and check top line, it usually have separate line for default user. Check config twice!

Reply

20 Nathan June 14, 2011 at 4:31 am

Why restart the service and kick everyone out? Just reload the config file via:

pg_ctl reload

Reply

21 Chris February 14, 2012 at 2:12 pm

This is what I had to do to fix mine, although I’m using Windows. When I attempted to use Cmd it would just give me the same error. Spent many hours attempting to fix that and finally I found that I had to create a user and database using a GUI on my server that had the same username and a password as it was asking for. Don’t know if that’ll help anyone, but that did the trick for me. =)
P.S.
My pg_hba are the defaults:
Host all all 127.0.0.1/32 md5
Host all all ::1/128 md5

Reply

22 punitha March 11, 2014 at 1:43 pm

hey chris,I am currently in that situation..
how do i find if i have got the gui installed along with postgresql8.2?

Reply

23 Chris February 21, 2012 at 1:08 pm

Thanks Rod McLaughlin, your script worked for me. Vivek, could you please fix your post? Your config is completely broken for PG 8.4 and above.

Reply

24 Dipak Chaudhari June 18, 2012 at 9:24 am

Thanks a ton !

Reply

25 Valéry Stroeder August 30, 2012 at 11:11 am

Thanks for the pretty explained post!

Reply

26 Geetchandra March 14, 2013 at 9:23 am

Thanks you so much……….password authentication just bypass

Reply

27 unbekannt March 23, 2013 at 9:53 am

What can I do, if I see this? (I couldn’t restart the server)

CET LOG: local connections are not supported by this build
CET CONTEXT: line 88 of configuration file “D:/pgdata/pg_hba.conf”
CET FATAL: could not load pg_hba.conf

In pg_hba.conf added:
local all all all trust
host all all 127.0.0.1/32 trust

Reply

28 Milu March 26, 2013 at 4:30 pm

This TRUST mechanism can be used on a per-database basis. For example,
local somedatabase someuser trust

On IPv6 enabled hosts, you also must set a TRUST method for localhost too.
I did it using :
# IPv6 local connections:
host somedatabase someuser ::1/128 trust
host all all ::1/128 ident

Reply

29 Wildan Muhlis April 28, 2013 at 1:19 pm

Great!! thanks :)

Reply

30 Peter June 22, 2013 at 5:29 pm

It has already been said, but again don’t set it to “trust”… that means you get in without a password. md5 and password auth are not much better, but surely don’t use trust.

Dear author, please fix that. Thanks.

Reply

31 Arthur F. Miller August 2, 2013 at 4:08 pm

@unbekannt
From the path of your pg_hba.conf file, which is apparently
‘D:\pgdata\pg_hba.conf’, you are running in some version of windows.
the ‘local’ at the beginning of the pg_hba.conf lines refers to the type of connection.
‘local’ basically means ‘a unix socket’ — ( unix/linux: man 2 socket; man 7 unix )
Since you are in windows, you have to connect via a TCP/IP socket.
You already have the following line.

host all all 127.0.0.1/32 trust

You should just comment out the line that says

local all all all trust

because I dont believe that you can use Unix sockets in Postgres for Windows.
Also, as said before, you should preferably change all the ‘trust’ keywords to ‘md5′ as stated earlier. You should try not to use ‘password’ because the passwords are sent in cleartext. I know the md5 algo is weak compared to sha-2, or sha-3, but ‘md5′ is still better than ‘password’. Also, a more complicated but more flexible setup would be to use LDAP or Kerberos/GSSAPI via the ‘ldap’ or ‘gss’ keywords respectively.
as far as the ‘host’ at the beginning of the line, if you are connecting to your own machine (127.0.0.1, ::1, localhost), then host is fine, if you are connecting to a remote machine, you should consider setting up SSL certificates for your postgres server. Then you would change the ‘host’ to ‘hostssl’ like the following:

#type      database      username        address                     auth_method
hostssl        all                  all               192.168.100.100/24       md5

you would change the ip address under ‘address’ to whatever address, or addresses, that your clients would connect from.
Hope this helps anyone. :)

Reply

32 Arthur F. Miller August 2, 2013 at 4:13 pm

Follow up to my last comment:
with psql you would need to use the ‘-h’ option to tell psql which host to connect to.
if it is your own machine, the localhost, it would be as follows:
psql -h localhost -U your_user_name -d database_name

Reply

33 Hugh Jass November 24, 2013 at 5:17 pm

I’m using postresql 9.2.4 on openSuse 13.1 Linux. I received authentication errors, as above. The postgresql.log reported:

“could not connect to Ident server at address “::1″, port 113 connection refused…”

See RFC 1413. The IPv6 local connections section of pg_hba.conf was edited as follows:
“host all all ::1/128 trust”

This allowed me to connect but is probably not the most secure. Hope this helps.

Reply

34 Simo May 6, 2014 at 9:05 am

Thnxs a lot.. It Worked 4 me

Reply

Leave a Comment

Tagged as: , , , , , , , ,

Previous Faq:

Next Faq: