When set to <literal>1</literal>, standard user mapping with
<filename>pg_ident.conf</filename> is skipped, and the OAuth validator
takes full responsibility for mapping end user identities to database
roles. If the validator authorizes the token, the server trusts that
the user is allowed to connect under the requested role, and the
connection is allowed to proceed regardless of the authentication
status of the user.
</para>
<para>
This parameter is incompatible with <literal>map</literal>.
</para>
<warning>
<para>
<literal>delegate_ident_mapping</literal> provides additional
flexibility in the design of the authentication system, but it also
requires careful implementation of the OAuth validator, which must
determine whether the provided token carries sufficient end-user
privileges in addition to the <link linkend="oauth-validators">standard
checks</link> required of all validators. Use with caution.
</para>
</warning>
</listitem>
</varlistentry>
</variablelist>
</para>
</sect1>
<sect1 id="client-authentication-problems">
<title>Authentication Problems</title>
<para>
Authentication failures and related problems generally
manifest themselves through error messages like the following:
</para>
<para>
<programlisting>
FATAL: no pg_hba.conf entry for host "123.123.123.123", user "andym", database "testdb"
</programlisting>
This is what you are most likely to get if you succeed in contacting
the server, but it does not want to talk to you. As the message
suggests, the server refused the connection request because it found
no matching entry in its <filename>pg_hba.conf</filename>
configuration file.
</para>
<para>
<programlisting>
FATAL: password authentication failed for user "andym"
</programlisting>
Messages like this indicate that you contacted the server, and it is
willing to talk to you, but not until you pass the authentication
method specified in the <filename>pg_hba.conf</filename> file. Check
the password you are providing, or check your Kerberos or ident
software if the complaint mentions one of those authentication
types.
</para>
<para>
<programlisting>
FATAL: user "andym" does not exist
</programlisting>
The indicated database user name was not found.
</para>
<para>
<programlisting>
FATAL: database "testdb" does not exist
</programlisting>
The database you are trying to connect to does not exist. Note that
if you do not specify a database name, it defaults to the database
user name.
</para>
<tip>
<para>
The server log might contain more information about an
authentication failure than is reported to the client. If you are
confused about the reason for a failure, check the server log.
</para>
</tip>
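<para>
The following Python script is an added example, not part of the
PostgreSQL documentation: it classifies the four messages shown above
when they appear in a server log and lists users with repeated password
failures. The log line prefix, the <literal>threshold</literal>
parameter and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# One rule per FATAL message quoted in this section:
# (label, names of the captured fields, pattern using numbered groups).
RULES = [
    ("no_hba_entry", ("host", "user", "database"), re.compile(
        r'FATAL:\s+no pg_hba\.conf entry for host "([^"]*)", user "([^"]*)", database "([^"]*)"')),
    ("password_failed", ("user",), re.compile(
        r'FATAL:\s+password authentication failed for user "([^"]*)"')),
    # The page shows user "..."; servers may also word this as role "...".
    ("unknown_user", ("user",), re.compile(
        r'FATAL:\s+(?:user|role) "([^"]*)" does not exist')),
    ("unknown_database", ("database",), re.compile(
        r'FATAL:\s+database "([^"]*)" does not exist')),
]

def classify(line):
    """Return (label, fields) for a recognized failure line, else None."""
    for label, names, pattern in RULES:
        m = pattern.search(line)
        if m:
            return label, dict(zip(names, m.groups()))
    return None

def summarize(lines, threshold=3):
    """Count failures per kind; list users with at least threshold password failures."""
    kinds, pw_by_user = Counter(), Counter()
    for label, fields in filter(None, map(classify, lines)):
        kinds[label] += 1
        if label == "password_failed":
            pw_by_user[fields["user"]] += 1
    return kinds, sorted(u for u, n in pw_by_user.items() if n >= threshold)

# Constructed sample log; the timestamp/PID prefix is an assumed log_line_prefix.
P = '2025-01-01 10:00:00 UTC [101] '
SAMPLE_LOG = [
    P + 'FATAL:  no pg_hba.conf entry for host "123.123.123.123", user "andym", database "testdb"',
    P + 'FATAL:  password authentication failed for user "andym"',
    P + 'FATAL:  password authentication failed for user "andym"',
    P + 'FATAL:  password authentication failed for user "andym"',
    P + 'FATAL:  role "ghost" does not exist',
    P + 'FATAL:  database "testdb" does not exist',
    P + 'LOG:  checkpoint starting: time',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
</para>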
</sect1>
</chapter>