PostgreSQL – Fix Peer Authentication Failed for User

postgresqlruby-on-rails

I am working with PostgreSQL and I have a user with password matching the one specified in database.yml

postgres=# select * from pg_user
;
  usename   | usesysid | usecreatedb | usesuper | usecatupd | userepl |  passwd  | valuntil | useconfig 
------------+----------+-------------+----------+-----------+---------+----------+----------+-----------
 goodsounds |    16386 | t           | t        | t         | t       | ******** |          | 
 postgres   |       10 | t           | t        | t         | t       | ******** |          | 
(2 rows)

But when I try creating a database by running the command

rails db:create

I get the error

FATAL: Peer authentication failed for user "goodsounds"

Here is my pg_hba.conf:

# Database administrative login by Unix domain socket
local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            trust
# IPv6 local connections:
host    all             all             ::1/128                 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            trust
#host    replication     postgres        ::1/128                 trust

Previously "trust" above was md5 but I changed to see if that would help.

Here is my database.yml:

# PostgreSQL. Versions 8.2 and up are supported.
#
# Install the pg driver:
#   gem install pg
# On Mac OS X with macports:
#   gem install pg -- --with-pg-config=/opt/local/lib/postgresql84/bin/pg_config
# On Windows:
#   gem install pg
#       Choose the win32 build.
#       Install PostgreSQL and put its /bin directory on your path.
#
# Configure Using Gemfile
# gem 'pg'
#
development:
  adapter: postgresql
  encoding: unicode
  database: goodsounds_development
  pool: 5
  username: goodsounds
  password: test

  # Connect on a TCP socket. Omitted by default since the client uses a
  # domain socket that doesn't need configuration. Windows does not have
  # domain sockets, so uncomment these lines.
  host: localhost
  port: 5432

  # Schema search path. The server defaults to $user,public
  #schema_search_path: myapp,sharedapp,public

  # Minimum log levels, in increasing order:
  #   debug5, debug4, debug3, debug2, debug1,
  #   log, notice, warning, error, fatal, and panic
  # The server defaults to notice.
  #min_messages: warning

# Warning: The database defined as "test" will be erased and
# re-generated from your development database when you run "rake".
# Do not set this db to the same as development or production.
test:
  adapter: postgresql
  encoding: unicode
  database: goodsounds_test
  pool: 5
  username: goodsounds
  password: test

production:
  adapter: postgresql
  encoding: unicode
  database: goodsounds_production
  pool: 5
  username: goodsounds
  password: test

Best Answer

"Peer authentication" means that it's using a unix socket and expecting the connecting unix user to have the same unix username as the postgresql username.

Since your local unix username is funkdified and you're trying to connect as user goodsounds over a unix domain socket (local) connection where your pg_hba.conf specifies peer authentication, Pg correctly rejects your connection attempt.

This is the default behaviour for many installs when using unix sockets.

You can:

Connect via TCP/IP by specifying a hostname in your database connection settings;
edit pg_hba.conf to use md5 password authentication instead of peer authentication for unix sockets (local connection type) so Pg accepts password authentication; or
Connect with a PostgreSQL username the same as your unix username and create the user in PostgreSQL if it doesn't exist yet.

See the docs for pg_hba.conf and the rest of the client authentication chapter of the documentation.

Note that changes to pg_hba.conf do not take effect immediately, you must restart or at least reload PostgreSQL to get it to reread pg_hba.conf.

Oh, also, if you have multiple PostgreSQL versions installed you might have a libpq from one version and a server from another. In this case make sure the location for the unix socket that libpq connects to by default is the same as the server's unix_socket_directories or override it with (e.g.) host=/tmp in your connection string.

Related Solutions

Rails PostgreSQL – Fixing FATAL Peer Authentication Failed for User

If you installed postresql on your server then just host: localhost to database.yml, I usually throw it in around where it says pool: 5. Otherwise if it's not localhost definitely tell that app where to find its database.

development:
  adapter: postgresql
  encoding: unicode
  database: kickrstack_development
  host: localhost
  pool: 5
  username: kickrstack
  password: secret

Make sure your user credentials are set correctly by creating a database and assigning ownership to your app's user to establish the connection. To create a new user in postgresql 9 run:

sudo -u postgres psql

set the postgresql user password if you haven't, it's just backslash password.

postgres=# \password

Create a new user and password and the user's new database:

postgres=# create user "guy_on_stackoverflow" with password 'keepitonthedl';
postgres=# create database "dcaclab_development" owner "guy_on_stackoverflow";

Now update your database.yml file after you've confirmed creating the database, user, password and set these privileges. Don't forget host: localhost.

Rails PostgreSQL – Peer Authentication Failed for User ‘postgres’

The problem is still your pg_hba.conf file*.

This line:

local   all             postgres                                peer

Should be:

local   all             postgres                                md5

After altering this file, don't forget to restart your PostgreSQL server. If you're on Linux, that would be sudo systemctl restart postgresql (on older systems: sudo service postgresql restart).

Locating `hba.conf`

Note that the location of this file isn't very consistent.

You can use locate pg_hba.conf or ask PostgreSQL SHOW hba_file; to discover the file location.

Usual locations are /etc/postgresql/[version]/main/pg_hba.conf and /var/lib/pgsql/data/pg_hba.conf.

These are brief descriptions of the peer vs md5 options according to the official PostgreSQL docs on authentication methods.

Peer authentication

The peer authentication method works by obtaining the client's operating system user name from the kernel and using it as the allowed database user name (with optional user name mapping). This method is only supported on local connections.

Password authentication

The password-based authentication methods are md5 and password. These methods operate similarly except for the way that the password is sent across the connection, namely MD5-hashed and clear-text respectively.

If you are at all concerned about password "sniffing" attacks then md5 is preferred. Plain password should always be avoided if possible. However, md5 cannot be used with the db_user_namespace feature. If the connection is protected by SSL encryption then password can be used safely (though SSL certificate authentication might be a better choice if one is depending on using SSL).