-
BASIC POSTGRESQL
6-
Lecture1.1
-
Lecture1.2
-
Lecture1.3
-
Lecture1.4
-
Lecture1.5
-
Lecture1.6
-
-
VMWARE & POSTGRESQL INSTALLATION
9-
Lecture2.1
-
Lecture2.2
-
Lecture2.3
-
Lecture2.4
-
Lecture2.5
-
Lecture2.6
-
Lecture2.7
-
Lecture2.8
-
Lecture2.9
-
-
POSTGRESQL DATABASE
6-
Lecture3.1
-
Lecture3.2
-
Lecture3.3
-
Lecture3.4
-
Lecture3.5
-
Lecture3.6
-
-
POSTGRESQL TABLE
16-
Lecture4.1
-
Lecture4.2
-
Lecture4.3
-
Lecture4.4
-
Lecture4.5
-
Lecture4.6
-
Lecture4.7
-
Lecture4.8
-
Lecture4.9
-
Lecture4.10
-
Lecture4.11
-
Lecture4.12
-
Lecture4.13
-
Lecture4.14
-
Lecture4.15
-
Lecture4.16
-
-
USER/OBJECTS PRIVILEGE AND ROLES ASIGNING
3-
Lecture5.1
-
Lecture5.2
-
Lecture5.3
-
-
TRANSACTIONS - MVCC
3-
Lecture6.1
-
Lecture6.2
-
Lecture6.3
-
-
POSTGRESQL USER/SCHEMA MANAGEMENT
9-
Lecture7.1
-
Lecture7.2
-
Lecture7.3
-
Lecture7.4
-
Lecture7.5
-
Lecture7.6
-
Lecture7.7
-
Lecture7.8
-
Lecture7.9
-
-
POSTGRESQL CONSTRAINTS
6-
Lecture8.1
-
Lecture8.2
-
Lecture8.3
-
Lecture8.4
-
Lecture8.5
-
Lecture8.6
-
-
POSTGRESQL ADVANCE DATA TYPE
5-
Lecture9.1
-
Lecture9.2
-
Lecture9.3
-
Lecture9.4
-
Lecture9.5
-
-
POSTGRESQL VIEWS
1-
Lecture10.1
-
-
POSTGRESQL MONITORING OBJECT USUAGE/SIZE
1 -
POSTGRESQL DATABASE ARCHITECTURE
4-
Lecture12.1
-
Lecture12.2
-
Lecture12.3
-
Lecture12.4
-
-
POSTGRESQL BACKUP AND RECOVERY
13-
Lecture13.1
-
Lecture13.2
-
Lecture13.3
-
Lecture13.4
-
Lecture13.5
-
Lecture13.6
-
Lecture13.7
-
Lecture13.8
-
Lecture13.9
-
Lecture13.10
-
Lecture13.11
-
Lecture13.12
-
Lecture13.13
-
-
POSTGRESQL PERFORMANCE TUNING
5-
Lecture14.1
-
Lecture14.2
-
Lecture14.3
-
Lecture14.4
-
Lecture14.5
-
-
HIGH AVAILABILITY, LOAD BALANCING, AND REPLICATION
11-
Lecture15.1
-
Lecture15.2
-
Lecture15.3
-
Lecture15.4
-
Lecture15.5
-
Lecture15.6
-
Lecture15.7
-
Lecture15.8
-
Lecture15.9
-
Lecture15.10
-
Lecture15.11
-
PostgreSQL Password Changing and Views
change the Database User Password
In this post, I am sharing basic commands to change the PostgreSQL database user password.
I would like to share this kind commands and scripts because this is very common and day to day exercise for a Database Administrator.
In the PostgreSQL, we have also one pg_hba.conf file.
pg_hba.conf is a configuration file which is controlled Client Authentication.
This file automatically installed when the data directory is initialized.
If you want to login without password, you can put “peer” or “trust” instead of md5 in this file.
like,
local all postgres peer
But for the security purpose, we should put md5.
Initially we will create sample encrypted user
create user u3 WITH ENCRYPTED PASSWORD 'u3';
create user u4 WITH ENCRYPTED PASSWORD 'u4';
Note the user password encrypted values this values will be change after changed user password
Before Changing password
postgres=# select usename,usesysid,passwd,valuntil,useconfig from PG_SHADOW;
usename | usesysid | passwd | valuntil | useconfig
----------+----------+-------------------------------------+----------+-----------
u5 | 16393 | md507a832ae72c9e818c5297f366284fb8a | |
postgres | 10 | md53175bce1d3201d16594cebf9d7eb3f9d | |
u3 | 16416 | md5dad1ef51b879799793dc38d714b97063 | |
u4 | 16417 | md54af10c3137cf79c12265e8d288070711 | |
You can change postgresl user password following two ways
1.Change u3 user password using ALTER COMMAND:
First login as postgres super user:
psql -U postgres -d postgres
Changing user password using ALTER sql Command:
ALTER USER u3 WITH PASSWORD 'MyNew_Password';
2.Changing u4 user password using \password:
First login as postgres super user:
psql -U postgres -d postgres
Using \password you can change user password while issuing the command password will prompt 2 time you have to give same password while prompting:
postgres=# \password u4
Enter new password:
Enter it again:
After password changed
postgres=# select usename,usesysid,passwd,valuntil,useconfig from PG_SHADOW;
usename | usesysid | passwd | valuntil | useconfig
----------+----------+-------------------------------------+----------+-----------
u5 | 16393 | md507a832ae72c9e818c5297f366284fb8a | |
postgres | 10 | md53175bce1d3201d16594cebf9d7eb3f9d | |
u3 | 16416 | md5e3da90548c84e1c04f27cc674aa19a28 | |
u4 | 16417 | md5ce9d5d4c1d5d47af4bc532d53a7fc0d7 | |
(4 rows)
Note: Before password changing and after password changing compare both u3 and u4 user password encrypted value
AWARENESS ABOUT PG_SHADOW & PG_AUTHID VIEWS:
PG_SHADOW is views its contains information about rolename and user password,user password validity,user connection limit and Role automatically inherits privileges of roles it is a member of,detailed information about user and privilege management.
Name | Type | Description |
usename | name | User name |
usesysid | oid | ID of this user |
usecreatedb | bool | User can create databases |
usesuper | bool | User is a superuser |
usecatupd | bool | User can update system catalogs. (Even a superuser cannot do this unless this column is true.) |
passwd | text | Password (possibly encrypted); null if none. See pg_authid for details of how encrypted passwords are stored. |
valuntil | abstime | Password expiry time (only used for password authentication) |
useconfig | text[] | Session defaults for run-time configuration variables |
Examples
— Creating password unencrypted user
postgres=# create user u2 WITH UNENCRYPTED PASSWORD 'u2';
CREATE ROLE
— Creating the user with password validation time ,this is one of the method in security maintenance once 06-06-2019 is reached means dba need to reset his/her validation time
postgres=# CREATE USER u3 WITH PASSWORD 'u3' VALID UNTIL '2019-06-06';
CREATE ROLE
— listing users password and password validation time
postgres=# select usename,usesysid,passwd,valuntil,useconfig from PG_SHADOW;
usename | usesysid | passwd | valuntil | useconfig
----------+----------+-------------------------------------+------------------------+-----------
postgres | 10 | md505ea766c2bc9e19f34b66114ace97598 | |
rep | 24576 | md5df2c887bcb2c49b903aa33bdbc5c2984 | |
u1 | 24583 | | |
u2 | 24584 | u2 | |
u3 | 24585 | md5dad1ef51b879799793dc38d714b97063 | 2019-06-06 00:00:00-04 |
nijam | 24586 | | |
(6 rows)
PG_AUTHID is views its contains information about rolename and user password,user password validity,user connection limit and Role automatically inherits privileges of roles it is a member of,detailed information about user and privilege management.
Name | Type | Description |
rolname | name | Role name |
rolsuper | bool | Role has superuser privileges |
rolinherit | bool | Role automatically inherits privileges of roles it is a member of |
rolcreaterole | bool | Role can create more roles |
rolcreatedb | bool | Role can create databases |
rolcatupdate | bool | Role can update system catalogs directly. (Even a superuser cannot do this unless this column is true) |
rolcanlogin | bool | Role can log in. That is, this role can be given as the initial session authorization identifier |
rolreplication | bool | Role is a replication role. That is, this role can initiate streaming replication and set/unset the system backup mode usingpg_start_backup and pg_stop_backup |
rolconnlimit | int4 | For roles that can log in, this sets maximum number of concurrent connections this role can make. -1 means no limit. |
rolpassword | text | Password (possibly encrypted); null if none. If the password is encrypted, this column will begin with the string md5 followed by a 32-character hexadecimal MD5 hash. The MD5 hash will be of the user’s password concatenated to their user name. For example, if user joe has password xyzzy, PostgreSQL will store the md5 hash of xyzzyjoe. A password that does not follow that format is assumed to be unencrypted. |
rolvaliduntil | timestamptz | Password expiry time (only used for password authentication); null if no expiration |
Examples
— creating unencrypted user
postgres=# create user u2 WITH UNENCRYPTED PASSWORD 'u2';
CREATE ROLE
— create the user with password validation time
postgres=# CREATE USER u3 WITH PASSWORD 'u3' VALID UNTIL '2017-06-06';
CREATE ROLE
— listing users password and password validation time
postgres=# select rolname,rolpassword,rolvaliduntil from pg_authid;
rolname | rolpassword | rolvaliduntil
----------+-------------------------------------+------------------------
postgres | md505ea766c2bc9e19f34b66114ace97598 |
rep | md5df2c887bcb2c49b903aa33bdbc5c2984 |
u1 | |
u2 | u2 |
u3 | md5dad1ef51b879799793dc38d714b97063 | 2017-06-06 00:00:00-04
(5 rows)
In PostgreSQL 10:
UNENCRYPTED PASSWORD is no longer supported after postgresql 10 Before postgresql 10 allowed to create user with unencrypted password so password will be stored as md5 encrypted type
Here i used postgresql 10.4 previous above example was postgresql 9.3
postgres=# create user u3 WITH UNENCRYPTED PASSWORD 'u3';
ERROR: UNENCRYPTED PASSWORD is no longer supported
LINE 1: create user u3 WITH UNENCRYPTED PASSWORD 'u3';
^
HINT: Remove UNENCRYPTED to store the password in encrypted form instead.
postgres=#
UNENCRYPTED PASSWORD is no longer supported after postgresql 10 , Before postgresql 10 allowed to create user with unencrypted password