Change PostgreSQL Authentication Method from Ident to MD5

Posted on August 17, 2015 by J. Mays

Category: Technical Support | Tags: Authentication, Authentication Method, CentOS, Database, Fedora, ident, md5, postgres, psql, Systemctl, Systemd, Ubuntu

Reading Time: 2 minutes

PostgreSQL supports multiple client authentication methods including: trust, reject, md5, password, gss, sspi, krb5, ident, peer, ldap, radius, cert, and pam. Here we’re only going to concern ourselves with two: ident and md5.

Pre-Flight Check

These instructions are intended specifically for changing the PostgreSQL Authentication Method from ident to md5.
I’ll be working from a Liquid Web Core Managed CentOS 7 server, and I’ll be logged in as root.
PostgreSQL is installed per our tutorial on: How to Install and Connect to PostgreSQL on CentOS 7.

Step #1: Switch to the PostgreSQL User: postgres

If you’re working from a default PostgreSQL installation, then PostgreSQL will be configured to use the ident authentication method. What this means is that we have to connect to PostgreSQL with an allowed user, which by default is the user postgres.

Since we’re logged in as root, switch to the default PostgreSQL user, postgres:

su - postgres

… then attempt a connection to PostgreSQL:

psql

… the correct, valid response will be similar to:

psql (9.3.9) Type "help" for help. postgres=#

Step #2: Add/Change the Password for the PostgreSQL User: postgres

Use the following command to change the password for your current user, which should be postgres:

\password

Enter your new password, and confirm it:

Enter new password: Enter it again:

Now quit the psql interface:

\q

Step #3: Edit the Authentication Method

For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor.

Edit the configuration file:

vim /var/lib/pgsql/9.3/data/pg_hba.conf

Find:

# IPv4 local connections: host all all 127.0.0.1/32 ident # IPv6 local connections: host all all ::1/128 ident

Change each ident to md5:

# IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5

Then exit and save the file with the command :wq.

Now restart PostgreSQL:

systemctl restart postgresql-9.3

Step #4: Verify Your Access

Switch back to the postgres user:

su - postgres

Enter the PostgreSQL command line:

psql

You should be prompted with the following (or similar):

Password: psql (9.3.9) Type "help" for help.

Enter your password, and you’re in!

About the Author: J. Mays

As a previous contributor, JMays shares his insight with our Knowledge Base center. In our Knowledge Base, you'll be able to find how-to articles on Ubuntu, CentOS, Fedora and much more!