I am trying to create a user mapping in PostgreSQL without a password, but I am encountering an error that says.
local_db=> select * from employee;
ERROR: could not connect to server "testmachine02"
DETAIL: connection to server at "192.168.56.10", port 5432 failed: fe_sendauth: no password supplied
Here is the command that I used to create the user mapping:
CREATE USER MAPPING for app_user SERVER testmachine02 OPTIONS (password_required 'false');
I also created a pgpass file with the following entries:
localhost:5432:local_db:app_user:app_user123
192.168.56.10:5432:admin:admin:admin123
192.168.56.10:5432:remote_db:test:test123
Despite these steps, I am still unable to access the table without a password. How can I create a user mapping without a password and access the table?
here is what I am getting after creating a .pgpass file under /pgsql:
The password file does not get proxied through your client to be used by server. The .pgpass file you need the password in is the one which would be used for the OS user who runs the database server. So often that would be something like "/var/lib/postgresql/.pgpass", not something like "/home/arahal/.pgpass". If you do this and set (password_required 'false'), it will work.
But why not just stick the password in the user mapping and be done with it? The purpose of password_required is to give you the option of using non-password-based authentication methods.
Related
I am trying to create a user mapping in PostgreSQL without a password, but I am encountering an error that says "ERROR: password is required" when I try to access a table. Here is the command that I used to create the user mapping:
CREATE USER MAPPING for app_user SERVER testmachine02 OPTIONS (user 'test');
I also created a pgpass file with the following entries:
localhost:5432:local_db:app_user:app_user123
192.168.56.10:5432:admin:admin:admin123
192.168.56.10:5432:remote_db:test:test123
testmachine02:5432:local_db:test:test123
Despite these steps, I am still unable to access the table without a password. How can I create a user mapping without a password and access the table?
If this were PostgreSQL v13 or better, the documentation would tell you what to do:
Only superusers may create or modify user mappings with the sslcert or sslkey settings.
Only superusers may connect to foreign servers without password authentication, so always specify the password option for user mappings belonging to non-superusers.
A superuser may override this check on a per-user-mapping basis by setting the user mapping option password_required 'false', e.g.,
ALTER USER MAPPING FOR some_non_superuser SERVER loopback_nopw
OPTIONS (ADD password_required 'false');
But in PostgreSQL v11, there is not way to connect without a password unless you are a superuser.
Using SQL Server 2017 I followed this article to apply Always Encrypt tech:
https://www.codeproject.com/Articles/1110564/Always-Encrypted-feature-in-SQL-Server
Which is simply says:
Create Column Master key.
Create Column Encryption key.
Encrypt the
columns using the latter.
The certificate that being used for step 1. was generated using the wizard and saved in:
Key Store: Windows Certificate Store - Local Machine
I created very simple console app that is using EF to try to get data from the table that I encrypted the column in.
I added to connection string this: column encryption setting=Enabled.
When I try to get the data:
using (MyEntities en = new MyEntities())
{
var x = en.TableHasColEnc.ToList();
}
I get this error:
'Failed to decrypt column 'X'.
Failed to decrypt a column encryption key using key store provider: 'MSSQL_CERTIFICATE_STORE'. The last 10 bytes of the encrypted column encryption key are: 'XX-XX-XX-XX-XX-XX-XX-XX-XX-XX'.
Certificate with thumbprint '...' not found in certificate store 'My' in certificate location 'LocalMachine'. Verify the certificate path in the column master key definition in the database is correct, and the certificate has been imported correctly into the certificate location/store.
Parameter name: masterKeyPath'
What I got that the user that is running this app is not able to access that location to get the certificate, but why ?
If I ran the app as Admin it'll work normally.
I opened mmc and checked Certificates (Local Computer) and found the certificate that has been used in step 1. and it looks like it's correctly in local machine not current user.
Why I'm getting this error and how to solve it ?
This answer helped me to solve the problem:
How to give ASP.NET access to a private key in a certificate in the certificate store?
The idea is to grant the user who's gonna run the app (or in case of web app the IIS application pool user) the permission to be able to read private keys.
In the correct answer explains how to grant IIS user the permission, you can do the same for who ever is running your app.
UPDATE
If your app is on one server and the DB is on another (so your Encryption Certificate most probably on DB's server) you need to export and then import that certificate from DB's server to your app server and give the user who is running your app the permission to use the private key of this certificate.
I would like to know if it is possible to change a SQL Server authentication account to Windows Authentication?
Why would I want to do this you are asking yourself right now, well I don't want to give out a SQL Server Auth username and password to multiple users to connect to the database, currently the company do things this way, and we don't really have another choice. When we deploy a new database script we don't always have the Windows Auth account before it gets released and we don't want to go an update our deployment script.
I am trying to do this using
ALTER USER Test
WITH NAME = [mydomianname\username]`
I've tried it but no luck.
I keep getting this error:
Msg 15151, Level 16, State 1, Line 1
Cannot alter the user 'Test', because it does not exist or you do not have permission.
Thank you in advance!
I think you should be altering user with login not name, because with name you just rename the user:
ALTER USER Test WITH LOGIN = [mydomianname\username]
But it is impossible because of:
Cannot remap a user of one type to a login of a different type. For
example, a SQL user must be mapped to a SQL login; it cannot be
remapped to a Windows login.
I am creating an Access project linked to a SQL Server. Instead of using Windows authentication for the SQL Server I want to use an application specific username/password and authenticate users myself using a login form. The reason is that other applications may connect to this database from a context where Windows authentication is not an option (FileMaker Server for instance).
I have found myriad discussions that cover this issue from one angle or another, but none that have actually enabled me to implement a solution. I do not have a lot of VBA or LDAP experience but I know this must be possible.
So, what I want to do is:
Ask the user for a username and password when they open the database.
Use that username and password to authenticate them
against our LDAP server.
Proceed if it passes, fail if it does not.
Can someone sketch out how this works or point me to a resource that describes this?
One way to accomplish this is to create a VBA procedure which loops through all of your linked tables and alters the connection string to embed the username and password from a login form.
You can get the syntax for the existing ODBC linked tables by going to the debug window and typing this:
? CurrentDb().TableDefs("My Table Name").Connect
Which should give you something similar to:
ODBC;DRIVER=SQL Server;SERVER=MYSQLSERVER001;UID=JPARKER;PWD=Pizza123;APP=2007 Microsoft Office system;DATABASE=MyDatabaseName
So your login form would capture the user name and password from the user, then store those as variables and use to build a new connection string. Then iterate through the tabledefs collection updating the connect property. Happens pretty quickly.
I retrieve data from SQL Server database to excel file.
When I define connection properties, I choose that I want store password.
Meanwhile, I create a new login (and grant only access to read only data from specified database).
Unfortunately I am unable to find any option in Excel to remove this stored password.
In files which defining connections (.odc extension), I found information about login, but nothing about password.
How i can do it?
Maybe obvious, but did you try to unckeck the Save password checkbox in the connection properties window and reconnect to the database?
See http://office.microsoft.com/en-us/excel-help/connect-to-import-sql-server-data-HA010217956.aspx