psql: FATAL: Ident authentication failed for user "username" Error and Solution

last updated in Categories , , , , , ,

Q. I’ve installed Postgresql under Red Hat Enterprise Linux 5.x server. I’ve created username / password and database. But when I try to connect it via PHP or psql using following syntax:


psql -d myDb -U username -W

It gives me an error that read as follows:

psql: FATAL: Ident authentication failed for user “username”

How do I fix this error?

A. To fix this error open PostgreSQL client authentication configuration file /var/lib/pgsql/data/pg_hba.conf :
# vi /var/lib/pgsql/data/pg_hba.conf
This file controls:

  1. Which hosts are allowed to connect
  2. How clients are authenticated
  3. Which PostgreSQL user names they can use
  4. Which databases they can access

By default Postgresql uses IDENT-based authentication. All you have to do is allow username and password based authentication for your network or webserver. IDENT will never allow you to login via -U and -W options. Append following to allow login via localhost only:

local	all	all	trust
host	all	trust

Save and close the file. Restart Postgresql server:
# service postgresql restart
Now, you should able to login using following command:
$ psql -d myDb -U username -W


Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

39 comment

  1. I did the modifications, and get an error message (pg version 8.3):
    psql: FATAL: missing or erroneous pg_hba.conf file
    HINT: See server log for details.

  2. Hi, its very urgent.
    I m continuously getting below error, while running JSP file in jakarta-tomcat.
    PSQLException: FATAL: Ident authentication failed for user “root”

    I am trying to connect to a database ‘bedrock’. I am able to login & see the DB by ‘psql -d bedrock -U root’ from cmd-prompt. But the same does not happen from JSP file. Why is it so?? Please help me, its been 5 days struggling like mads……….

  3. Hi, I have the same problem. I’ve created a program in perl, which contains connector to database DBI, and driver DBD::Pg. But I have still the same answer Fatal: Ident Authetification failed for user postgres…
    this is the connector:
    my $dbh = DBI->connect(“DBI:Pg:dbname=test;host=localhost”, “postgres”, “”, {‘RaiseError’ => 1});

    please help…

  4. @Vivek Gite
    Your description is causing an error:
    FATAL: missing or erroneous pg_hba.conf file
    this is coming from missing column:
    host all trust
    Here is what the working line looks like
    host all all trust

    1. Felicia is exactly right, following this article is a potential security risk for your database. Use with caution!

  5. I found the file at /etc/postgresql/8.4/main/pg_hba.conf
    I had to comment out most of the lines:
    # local all all ident
    # host all all md5
    # host all all ::1/128 md5
    and add:
    local all all trust
    host all all trust
    at the bottom of pg_hba.conf

    sudo su – postgres
    service postgresql restart
    then I could do stuff (Rails 3 with RSpec)

  6. I’m using postgresql version 8.4.5. I dont have /var/lib/pgsql/data/pg_hba.conf file. where is file located in this version?

    1. Hi Paul,

      If you had installed pgsql using *.bin file. it will be installed in /opt/Postgres/* by default. I think this file will be in /opt/P***/8.4/data/. Better you find this file uinsg “find ./ -name pg_hba.conf” in installed location.

      thanks Ramanathan

  7. i’ve solved this problem by adding the following line :

    local all user md5


    local all all ident sameuser

    in my pg_hba.conf. I think it’s more elegant and secure solution.

  8. Make sure to put in password instead trusted, and check top line, it usually have separate line for default user. Check config twice!

  9. Why restart the service and kick everyone out? Just reload the config file via:

    pg_ctl reload

  10. This is what I had to do to fix mine, although I’m using Windows. When I attempted to use Cmd it would just give me the same error. Spent many hours attempting to fix that and finally I found that I had to create a user and database using a GUI on my server that had the same username and a password as it was asking for. Don’t know if that’ll help anyone, but that did the trick for me. =)
    My pg_hba are the defaults:
    Host all all md5
    Host all all ::1/128 md5

    1. hey chris,I am currently in that situation..
      how do i find if i have got the gui installed along with postgresql8.2?

  11. Thanks Rod McLaughlin, your script worked for me. Vivek, could you please fix your post? Your config is completely broken for PG 8.4 and above.

  12. What can I do, if I see this? (I couldn’t restart the server)

    CET LOG: local connections are not supported by this build
    CET CONTEXT: line 88 of configuration file “D:/pgdata/pg_hba.conf”
    CET FATAL: could not load pg_hba.conf

    In pg_hba.conf added:
    local all all all trust
    host all all trust

  13. This TRUST mechanism can be used on a per-database basis. For example,
    local somedatabase someuser trust

    On IPv6 enabled hosts, you also must set a TRUST method for localhost too.
    I did it using :
    # IPv6 local connections:
    host somedatabase someuser ::1/128 trust
    host all all ::1/128 ident

  14. It has already been said, but again don’t set it to “trust”… that means you get in without a password. md5 and password auth are not much better, but surely don’t use trust.

    Dear author, please fix that. Thanks.

  15. @unbekannt
    From the path of your pg_hba.conf file, which is apparently
    ‘D:\pgdata\pg_hba.conf’, you are running in some version of windows.
    the ‘local’ at the beginning of the pg_hba.conf lines refers to the type of connection.
    ‘local’ basically means ‘a unix socket’ — ( unix/linux: man 2 socket; man 7 unix )
    Since you are in windows, you have to connect via a TCP/IP socket.
    You already have the following line.

    host all all trust

    You should just comment out the line that says

    local all all all trust

    because I dont believe that you can use Unix sockets in Postgres for Windows.
    Also, as said before, you should preferably change all the ‘trust’ keywords to ‘md5’ as stated earlier. You should try not to use ‘password’ because the passwords are sent in cleartext. I know the md5 algo is weak compared to sha-2, or sha-3, but ‘md5’ is still better than ‘password’. Also, a more complicated but more flexible setup would be to use LDAP or Kerberos/GSSAPI via the ‘ldap’ or ‘gss’ keywords respectively.
    as far as the ‘host’ at the beginning of the line, if you are connecting to your own machine (, ::1, localhost), then host is fine, if you are connecting to a remote machine, you should consider setting up SSL certificates for your postgres server. Then you would change the ‘host’ to ‘hostssl’ like the following:

    #type      database      username        address                     auth_method
    hostssl        all                  all            md5

    you would change the ip address under ‘address’ to whatever address, or addresses, that your clients would connect from.
    Hope this helps anyone. :)

  16. Follow up to my last comment:
    with psql you would need to use the ‘-h’ option to tell psql which host to connect to.
    if it is your own machine, the localhost, it would be as follows:
    psql -h localhost -U your_user_name -d database_name

  17. I’m using postresql 9.2.4 on openSuse 13.1 Linux. I received authentication errors, as above. The postgresql.log reported:

    “could not connect to Ident server at address “::1″, port 113 connection refused…”

    See RFC 1413. The IPv6 local connections section of pg_hba.conf was edited as follows:
    “host all all ::1/128 trust”

    This allowed me to connect but is probably not the most secure. Hope this helps.

  18. Felt lot of head-ache untill i come to see this. Thanks a lot. I wish i had seen this 2days before. Thankyou once again.

  19. If changes in the /etc/hba.conf file don’t work for you, you might try switching to root and changing:

    This has worked for me.

    Still, have a question? Get help on our forum!