Postgres Password

Firstly, it is important to understand that on most Unix distributions the default Postgres user neither requires nor uses a password for authentication. Instead, depending on how Postgres was originally installed and which version you are using, the default authentication method for local connections will be either ident (older releases) or peer.

ident authentication uses the identification server (RFC 1413) listening on TCP port 113 on the client's machine to ask which operating-system user owns the connecting TCP socket; that OS user name must then match the requested database role. It only works for TCP/IP connections and is only as trustworthy as the client host that answers, so it should never be relied on across an untrusted network.

  1. If you run 'sudo passwd postgres' to set a Unix password, the postgres OS account is immediately unlocked for logins. Worse, if you set a weak password such as 'postgres', you expose the machine to real danger: bots routinely try the username/password pair 'postgres/postgres' against SSH and Postgres ports. Prefer 'sudo -u postgres' for administration and leave the OS account locked.
  2. In the password file (~/.pgpass), the password field from the first line that matches the current connection parameters will be used. (Therefore, put more-specific entries first when you are using wildcards.) If an entry needs to contain ':' or '\', escape that character with '\'. The file must not be readable by group or others (mode 0600), otherwise libpq ignores it.
  3. For most systems, the default Postgres user is postgres and a password is not required to authenticate locally. Thus, to add a password, we must first log in and connect as the postgres user: $ sudo -u postgres psql. If you successfully connected and are viewing the psql prompt, jump down to the Changing the Password section.
  4. In the beginning, PostgreSQL only had the method that is now known as "password" in pg_hba.conf. It is the simplest thing you can imagine: the client says to the server, "Hello, I'm Peter, I would like to connect", and then sends the password in clear text. That is why it was superseded first by md5 and, since PostgreSQL 10, by scram-sha-256.


Inside the psql shell you can give the DB user postgres a password: ALTER USER postgres PASSWORD 'newPassword'; You can leave the psql shell by typing Ctrl-D or with the command \q. Now you should be able to give pgAdmin a valid password for the DB superuser and it will be happy too.

peer authentication, on the other hand, is used only for local Unix-domain socket connections: the server obtains the client's operating-system user name from the kernel and requires it to match the requested database role name (a map in pg_ident.conf can permit other pairings). No password is involved at all, so anyone who can become the postgres OS user, for example via sudo, is a database superuser.

Login and Connect as Default User

For most systems, the default Postgres user is postgres and a password is not required for authentication. Thus, to add a password, we must first log in and connect as the postgres user.


If you successfully connected and are viewing the psql prompt, jump down to the Changing the Password section.

If you received an error stating that the database “postgres” doesn’t exist, try connecting to the template1 database instead and if successful, continue to Changing the Password.


Authentication Error

If you receive an authentication error when attempting to connect with the psql client, you may need to alter the Postgres authentication config file (pg_hba.conf).

Open the config file, typically located at /etc/postgresql/#.#/main/pg_hba.conf on Debian and Ubuntu, where #.# is the Postgres version you are using. On Red Hat-style packages it lives in the data directory instead (for example /var/lib/pgsql/data/pg_hba.conf); running SHOW hba_file; in any psql session prints the exact path. Editing it requires root or the postgres OS user.

The auth config file is a list of authentication rules, one per line, with the columns TYPE, DATABASE, USER, ADDRESS and METHOD; the first line that matches a connection decides how it is authenticated. Scroll down the file until you locate the first line displaying the postgres user in the third column (if such a line exists). Uncomment the line if necessary (remove the leading #; comments in pg_hba.conf start with #, not a semicolon), or, if the line is missing entirely, add the following line to the top of the file and save your changes:

local   all   postgres   peer

This authentication rule simply tells Postgres that for local (Unix-domain socket) connections established to all databases for the user postgres, authenticate using the peer method. Placing it at the top matters because rules are evaluated in order and the first match wins.

Note: Before PostgreSQL 9.1 the method now called peer was selected with the keyword ident for local connections, so some older versions list ident where modern installations use peer as specified above. Use whichever keyword your version accepts; if the server refuses to reload after the edit, the server log names the offending line.

Now with your configuration file updated, reload the server so the new rules take effect: pg_hba.conf is re-read on a configuration reload (for example systemctl reload postgresql, pg_ctl reload, or SELECT pg_reload_conf(); from an existing session), and a full restart is not required. Then repeat the steps in the Login and Connect as Default User section to connect as the default postgres user. Once successful, proceed with changing the password.
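The rule above shown in context, as an added example that is not part of the original page. The file layout is assumed to be the Debian/Ubuntu one described above; appdb, appuser and the 10.0.1.0/24 subnet are placeholders. The weak trust lines a practitioner should look for are shown commented out next to the hardened rules:

```conf
# Added example, not the original page's file. First matching line wins,
# so order matters; anything that matches no line is rejected.
#
# TYPE  DATABASE  USER      ADDRESS         METHOD

# WEAK - never leave these in place. 'trust' accepts any client that can
# reach the socket or port as any role, with no password at all.
# local   all       all                       trust
# host    all       all       0.0.0.0/0       trust

# Local socket: OS user postgres maps to role postgres (the page's rule).
local   all       postgres                  peer
# Other local socket users: OS user name must equal the role name.
local   all       all                       peer

# TCP from loopback (pgAdmin, local apps): password checked with SCRAM.
host    all       all       127.0.0.1/32    scram-sha-256
host    all       all       ::1/128         scram-sha-256

# One application subnet (placeholder), limited to one role and database.
host    appdb     appuser   10.0.1.0/24     scram-sha-256

# No catch-all line: every other client is refused.
```

scram-sha-256 requires PostgreSQL 10 or later; on older servers use md5 for the host lines. After saving, reload the server and confirm the effective rules with SELECT * FROM pg_hba_file_rules; (also PostgreSQL 10+), whose error column flags any line the server could not parse.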


Changing the Password

With a connection now established to Postgres at the psql prompt, issue the ALTER USER command (ALTER ROLE is a synonym) to change the password for the postgres user. Be aware that a password typed as a literal in ALTER USER is recorded in ~/.psql_history and, if log_statement is set to ddl or all, in the server log; the \password meta-command in psql prompts for the password and sends only the hashed form instead.

If successful, Postgres outputs the confirmation ALTER ROLE.

Finally, exit the psql client by using the \q command (or Ctrl-D).

You’re all done. The default postgres user now has a password associated with the account for use in your other applications. Note that the password is only checked on connections that match a password-based pg_hba.conf rule (md5 or scram-sha-256, typically the host lines): local socket connections matching the peer rule above still authenticate by OS user name, and any rule that uses trust still accepts no password at all.
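An added example, not the page's or pgAdmin's own code, of the password change together with the checks a practitioner would want: it forces SCRAM-SHA-256 storage for the new verifier, confirms the stored format, and lists the authentication rules actually in force. It assumes a superuser session opened with sudo -u postgres psql on PostgreSQL 10 or later and reuses the page's placeholder password:

```sql
-- Added example (not from the original page). Run as the postgres superuser.

-- Store the new password as a SCRAM verifier rather than an md5 hash.
-- (Default is scram-sha-256 from PostgreSQL 14 on, md5 before that; the
-- setting can be changed per session, as here, or in postgresql.conf.)
SET password_encryption = 'scram-sha-256';

-- The page's statement; replace 'newPassword' with a strong secret.
ALTER USER postgres PASSWORD 'newPassword';

-- Check 1: the stored verifier must start with SCRAM-SHA-256$.
-- An 'md5' prefix means an old, much faster-to-crack hash was written.
SELECT rolname, left(rolpassword, 14) AS verifier_prefix
FROM pg_authid
WHERE rolname = 'postgres';

-- Check 2: which pg_hba.conf lines are live after the reload, in match order.
-- Look for auth_method = 'trust' and for lines with a non-null error.
SELECT line_number, type, database, user_name, address, auth_method, error
FROM pg_hba_file_rules
ORDER BY line_number;

-- Check 3: no other superuser roles were left behind with a password set.
SELECT rolname, rolsuper, rolpassword IS NOT NULL AS has_password
FROM pg_authid
WHERE rolsuper
ORDER BY rolname;
```

pg_authid is readable only by superusers, which is fine here. Because the literal password passes through the SQL statement, clear ~/.psql_history afterwards or use \password postgres instead; for applications, put the credential in a mode-0600 ~/.pgpass file or an environment-injected secret rather than on a command line.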

There are 3 basic rules for keeping user credentials secure:

  1. NEVER store passwords as plain text.
  2. ALWAYS use a random salt when hashing passwords (passwords are hashed with a one-way function, not encrypted; nothing should ever need to recover the original).
  3. DO NOT roll your own crypto.

Lucky for us, the pgcrypto module in PostgreSQL makes it very easy to follow these rules. Let us take a look at an example.

First, we need to enable pgcrypto in the database with CREATE EXTENSION (it ships in contrib, so on some distributions the postgresql-contrib package must be installed first).


Then, we can create a table for storing user credentials, with a text column that holds the hash rather than the password itself.

When creating a new user, we use the crypt function to hash the password (pgcrypto's documentation calls this encryption, but the output is a one-way hash in the traditional Unix crypt format, with the algorithm, cost and salt embedded in the string).

The crypt function accepts two arguments:

  1. The password to hash
  2. The salt to use when hashing

We should always use the gen_salt function, to let PostgreSQL generate a random salt for us. I prefer using the blowfish algorithm (bf) with gen_salt, but here is the list of the algorithms you can use: des, xdes, md5 and bf. Of these only bf (bcrypt) is slow enough to resist offline guessing; des truncates the password to 8 characters and md5 is fast, so avoid both for new systems. gen_salt takes an optional second argument, the cost (iteration count), for example gen_salt('bf', 12); each increment doubles the work an attacker needs per guess.


To authenticate a user, we use crypt again, but this time we pass these arguments:

  1. The submitted password
  2. The hash we already have in the database (which carries the algorithm, cost and salt that were used)


If the password matches, crypt will return exactly the string already stored in the database, so the check is a plain equality comparison; on a mismatch the result differs and the query returns no row.
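The complete pgcrypto flow described in this section, as an added example that is not the original post's code: enabling the extension, the credentials table, registering a user with a bcrypt hash at cost 12, and the login check with both a correct and a wrong password. The table and column names and the sample password are assumptions:

```sql
-- Added example, not from the original post. Requires the pgcrypto extension.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE app_user (
    id            serial PRIMARY KEY,
    username      text NOT NULL UNIQUE,
    password_hash text NOT NULL   -- bcrypt string ($2a$12$...), never the password
);

-- Register: gen_salt('bf', 12) returns a fresh random salt with cost 12,
-- so two users with the same password get different hashes.
INSERT INTO app_user (username, password_hash)
VALUES ('alice', crypt('correct horse battery staple', gen_salt('bf', 12)));

-- Sanity check on what was stored: prefix $2a$12$ and length 60.
SELECT username, left(password_hash, 7) AS prefix, length(password_hash) AS len
FROM app_user
WHERE username = 'alice';

-- Login with the right password: crypt re-hashes the submitted password with
-- the salt and cost embedded in the stored hash, so the strings match.
-- Returns one row.
SELECT id, username
FROM app_user
WHERE username = 'alice'
  AND password_hash = crypt('correct horse battery staple', password_hash);

-- Login with a wrong password: the hashes differ, so no row is returned.
SELECT id, username
FROM app_user
WHERE username = 'alice'
  AND password_hash = crypt('wrong password', password_hash);

-- Unknown user: also no row; the application should treat both failures
-- identically so it does not reveal which usernames exist.
SELECT id, username
FROM app_user
WHERE username = 'mallory'
  AND password_hash = crypt('anything', password_hash);
```

In an application, pass the submitted password as a bind parameter rather than interpolating it into the SQL text, both to avoid injection and because statement logging and pg_stat_statements would otherwise capture the plaintext.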