pgadmin4 allows login as admin user with wrong password - database

I created an admin user with password in pgadmin4:
CREATE USER admin WITH
LOGIN
SUPERUSER
CREATEDB
CREATEROLE
INHERIT
REPLICATION
CONNECTION LIMIT -1
PASSWORD 'xxxxxx';
But I can login to the respective server with the admin user and any wrong password.
I used psql command line to check if the user has been created, and it is.
# SELECT usename FROM pg_user;
usename
------------
postgres
xxxxxxxxxxx
admin
(3 rows)
I checked if I can login with the admin user and a wrong password through psql command line, and it worked...
Am I doing something wrong?
Pgadmin4 v1.1
Postgresql v9.6
Same problem on Centos 6.8 and macOSX 19.12.1

This is speculation, but it's educated speculation, as I encountered a similar issue.
If your pg_hba.conf file, I am pretty confident you have the admin user set up as "trust." This pretty much means it can log in from anywhere you specified, without a password.
If you change this to "md5," it should resolve the issue.
# TYPE DATABASE USER ADDRESS METHOD
host all admin <whatever> trust
change to
host all admin <whatever> md5
Of course some of these fields may be different, depending on how you have the server set up, but you get the idea.

Related

Why can't I create a database with my main user account with PostgreSQL?

So I have PostgreSQL installed fine, and am trying to run the createdb 'test' command in the Terminal. I am on my normal user account. When trying to create the database, I am asked for a password twice, then I get the error message createdb: error: could not connect to database template1: FATAL: password authentication failed for user "sethmarks". Does this mean I entered the incorrect password or that I do not have permission to create databases under this user? I am getting confused and frustrated by this and would like to know what is going on. I am entering the password I use for the OS user I am currently logged into.
I am able to create a database when I do sudo su - postgres and then create it when I am doing it under the Postgres user, but that is not going to work with my program. Can anybody help me figure this out?
I included a picture of the terminal to show the process and what happens when attempting to create a new db. Thank you very much.
It depends on the privileges that have been granted to your user account and which privileges have been granted to PUBLIC.
You can query some privileges with psql \du meta command for the current user.
In your case you need at least to run as superuser:
grant connect on database template1 to sethmarks;
I don't exactly why password is requested twice: this is not caused by wrong password: I have the same behaviour but I need to give the database user password not the OS user password.

phpMyAdmin - #1044 - Access denied for user ''#'localhost' to database

I am trying to set up my WordPress project, and I am using WampServer. In phpMyAdmin, I simply tried to create a new database, but I got this error : #1044 - Access denied for user ''#'localhost' to database 'wp'. I never had this problem before.
In WAMPServer when you run phpMyAdmin you are shown a login screen.
By default :
The Username = root
And the Password is not set so you should not enter a password in the Password field.
Then press the Go button to login.
This will log you in as the root SuperUser, who can do anything on a MySQL Server.
If you leave the Username blank, like it appears you did, you are logged in as an annonymous user with no rights to do anything much at all.
Login to the web console for phpMyAdmin and navigate to the wp database
Click on the SQL tab and paste this code:
grant all privileges on wp.* to user#localhost identified by 'PASSWORD';
flush privileges;
\q
Change the user's credentials to match your config, then
Click Ok and it should work!
You can read more about GRANT's syntax at MySQL's site.
Hope it helps!

Firebird database SYSDBA connection error

I just installed Firebird for Win64, and I was trying to connect to the employee database which comes pre-packaged with ISQL.
Following the steps from the Firebird official QuickStart Documentation I opened the ISQL utility and entered:
connect localhost:employee user sysdba password masterkey;
As a result I got:
Statement failed, SQLSTATE = 28000
Your user name and password are not defined. Ask your database administrator to set up a Firebird login.
Strangest thing is that if I navigate to the employee database sample itself and issue the isql command from there I can successfully connect.
The difference is that connecting directly to a database file doesn't require a password, it will even ignore the password, and just use the provided user to know which privileges to apply.
Without a hostname, ISQL will by default use Firebird embedded mode, and not the server. To compare, try using isql employee.fdb (or isql employee), it will just login with your current OS username, while isql localhost:employee will fail with a 'Your user name and password are not defined'.
It looks like you specified a different password than the default of masterkey, or somehow the sysdba account wasn't initialized. I recall there was a problem with the installer of an earlier Firebird 3 version, but I don't think 3.0.2 should be affected by this (or at least: it worked for me).
If the SYSDBA account wasn't initialized, then follow the steps of the Firebird 3 release notes, section Initializing the Security Database:
Initialization Steps
Initialization is performed in embedded mode using the isql utility.
For an embedded connection, an authentication password is not required
and will be ignored if you provide one. An embedded connection will
work fine with no login credentials and “log you in” using your host
credentials if you omit a user name. However, even though the user
name is not subject to authentication, creating or modifying anything
in the existing security database requires that the user be SYSDBA;
otherwise, isql will throw a privilege error for the CREATE USER
request.
The SQL user management commands will work with any open database.
Because the sample database employee.fdb is present in your
installation and already aliased in databases.conf, it is convenient
to use it for the user management task.
Stop the Firebird server. Firebird 3 caches connections to the security database aggressively. The presence of server connections may
prevent isql from establishing an embedded connection.
In a suitable shell, start an isql interactive session, opening the employee database via its alias:
> isql -user sysdba employee
Create the SYSDBA user:
SQL> create user SYSDBA password 'SomethingCryptic';
SQL> commit;
SQL> quit;
To complete the initialization, start the Firebird server again. Now you will be able to perform a network login to databases,
including the security database, using the password you assigned to
SYSDBA.
Where 'SomethingCryptic', should be your password.
If a SYSDBA user was created, you will need to change its password if you no longer remember what you set. Follow the same steps, but in step 3 do:
SQL> alter user SYSDBA set password '<new password>';
SQL> commit;
SQL> quit;
If this gives an error "record not found for user: SYSDBA", make sure you are really connected as SYSDBA, otherwise retry the original step 3. Not having admin access will behave as if the user doesn't exist, so the error is the same if the user really doesn't exist, or if you are connected with an unprivileged user.
CONNECT 'employee' user 'SYSDBA' password 'masterkey';
You need make sure that your alias.conf have something like this: employee=C:/examplepath/employee.fdb
make sure that the services of firebird is on

No password prompt for postgresql superuser

After I installed PostgreSQL 9.1 on Ubuntu 12.04 I set the password for the "postgres" superuser account. I want all users to have to enter their password when loging in. This is why I configured pg_hba.conf like so:
#Database administrative login by Unix domain socket
local all postgres md5
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
I restarted postgresql after making those changes. When I do this psql -U testuser I get asked for a password, but when I log in with the "postgres" account like so psql -U postgres I get no password prompt and am logged in.
If I force the password prompt with psql -U postgres -W I can log in by typing the correct password or by typing nothing at all. Typing a wrong password gets rejected.
Can anybody please explain to me why this is happening?
On a related note: I see a lot of example where people use ident as authentication method for the "postgres" user, arguing that to become the "postgres" user one needs the root password of the machine. I assume that the reasoning is that if an attacker gets root access, your done anyways. I would prefer to log in with a password though, one which is not the same as the root password. I prefere having different passwords for different things. Is this reasonable?
Output of grep '^[^#]' pg_hba.conf
local all postgres md5
local all all md5
host all all 127.0.0.1/32 md5
Your pg_hba.conf should indeed require a password for unix socket connections, but there are still ways around it that you should verify:
a .pgpass file in the postgres home directory containing the password (also check the PGPASSFILE environment variable for a non-standard path).
the PGPASSWORD environment variable could be set.
And there's also the possibility that you're editing the wrong pg_hba.conf file.
When connected as postgres, the correct path can be obtained for verification with the SHOW hba_file SQL command.
Also, you may want to check the log file, /var/log/postgresql/postgresql-9.1-main.log for confirmation that the configuration files are reloaded when you ask for it, and look for any suspect message during the authentication.
As for the reason why passwordless connections with the postgres user are common, the debian PG-9.1 pg_hba.conf has this comment about disallowing them:
# DO NOT DISABLE!
# If you change this first entry you will need to make sure that the
# database superuser can access the database using some other method.
# Noninteractive access to all databases is required during automatic
# maintenance (custom daily cronjobs, replication, and similar tasks).
#
# Database administrative login by Unix domain socket
local all postgres peer
Since Debian and Ubuntu use the same postgres packages, this applies to Ubuntu as well.
Re your odd behaviour, I think you've missed a line of pg_hba.conf that's specific to the postgres user. Please show the output of:
grep '^[^#]' pg_hba.conf
As for ident vs md5; personally I prefer ident for interactive use in development, and it's fine for normal users, but I don't think giving access to the postgres user via sudo is a great idea. Both sudo -u postgres psql and psql -U postgres -W grant access to the postgres superuser role and thus file system access as the database user. Neither require a root password, and sudo can easily be constrained via sudoers to limit the invoking user to just running psql. However, with sudo -u postgres psql the client code runs as postgres too, so it's a bigger attack surface, and there's always the chance of the user finding a way to bypass your sudoer limits.
I use ident in dev, md5 in production.

Parallels Plesk Panel unable to connect to database

I don't know how to create a database into Parallels Plesk Panel, so I tried it going to the PhpMyAdmin creating the database and modifying the admin user password from there, but now the system is showing me the next error:
ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:150
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:107
ERROR: PleskFatalException
Unable to connect to database: saved admin password is incorrect.
0: common_func.php3:150
psaerror(string 'Unable to connect to database: saved admin password is incorrect.')
1: auth.php3:107
What can I do to fix it?
Try to connect to psa database:
mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa
In case you cannot connect, try to update admin user for mysql with this password. After that Plesk should be able to connect with this database.
I also add this problem, for me the above solution didnt work. it appears plesk has been evolving it's password protection (e.g. .psa.shadow is now aes-cbc encrypted)
this kb article worked for me - i'm using plesk 11.09
http://kb.parallels.com/112492
I got myself into this situation when i got a cloud vm instance where i couldnt log into mysql. so i mysqld_safe and updated the admin password to what it was supposed to be, which meant i could log in but I also broke plesk. this kb got plesk back on its feet again
One thing I found; after following these steps I am not able to login to the plesk 'admin' user on the command line, even with the password i specified in the env variable ! so before resetting the admin password as per this kb article, create another mysql user with all privileges. then use the new user so you dont have the problem of sharing a user with plesk
as to why this happens i dont know, i'm interested if someone does. what appears to be happening is that the ch_admin_passwd of psa starts mysql with security disabled, does some operation on the password (obfuscate?, encrypt?, add salt?) and sets that password for the admin user. whatever that interim operation means that while plesk can log into mysql as admin because it's consistent with itself, the cleartext version of the password specified to ch_admin_passwd does not work on the command line with mysql

Resources