5

Right now my Postgres' pg_hba.conf file has the following lines:

# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
#Should allow connection without password
host all all 0.0.0.0/0 trust
host all all ::0/0 trust

(I know that this is insecure. I'm just testing, and once it is successful, I'll keep it only specific users & databases)

My understanding was that trust should allow a user to connect without a password.

But when I do psql -U postgres -d postgres -h 127.0.0.1 -w, I get the error message: psql: fe_sendauth: no password supplied

What do I need to do to allow users to connect without a password?

asked Apr 27, 2018 at 9:38
4
  • Did you reload the configuration after changing the file? Commented Apr 27, 2018 at 9:43
  • Yes, I did that. I'm sure that it is loaded, because I had made a mistake in the file earlier, and postgres refused to load till I corrected it. Commented Apr 27, 2018 at 9:44
  • 1
    Is there any line before those that you have shown us? Commented Apr 27, 2018 at 9:48
  • @a_horse_with_no_name; I've updated the question Commented Apr 27, 2018 at 9:59

1 Answer 1

11

When pg_hba.conf is checked for an authentication request, the first match determines the rule.

Quote from the manual

The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no "fall-through" or "backup": if one record is chosen and the authentication fails, subsequent records are not considered

(Emphasis mine)

In your case the lines: 

host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5

are matched before the trust lines you have added, therefor Postgres requires a password. If you want to disable password authentication completely you have to disable the md5 authentication, e.g. by commenting those lines.

answered Apr 27, 2018 at 10:01

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.