How to set the default user password in PostgreSQL
Posted by: AJ Welch
Firstly, it is important to understand that for most Unix distributions, the default Postgres user neither requires nor uses a password for authentication. Instead, depending how Postgres was originally installed and what version you are using, the default authentication method will either be ident
or peer
.
ident authentication uses the operating system’s identification server running at TCP port 113 to verify the user’s credentials.
peer authentication on the other hand, is used for local connections and verifies that the logged in username of the operating system matches the username for the Postgres database.
Login and connect as default user
For most systems, the default Postgres user is postgres
and a password is not required for authentication. Thus, to add a password, we must first login and connect as the postgres
user.
$ sudo -u postgres psql
If you successfully connected and are viewing the psql
prompt, jump down to the Changing the Password section.
If you received an error stating that the database “postgres” doesn’t exist, try connecting to the template1
database instead and if successful, continue to Changing the Password.
$ sudo -u postgres psql template1
Authentication error
If you receive an authentication error when attempting to connect to the psql
client, you may need to alter the Postgres authentication config file (pg_hfa.conf).
Open the config file, typically located at /etc/postgresql/#.#/main/pg_hba.conf
, where #.#
is the Postgres version you are using:
$ sudo nano /etc/postgresql/9.3/main/pg_hba.conf
The auth config file is a list of authentication rules. Scroll down the file until you locate the first line displaying the postgres
user in the third column (if such a line exists). Uncomment the line if necessary (remove the semicolon), or otherwise if the line is missing entirely, add the following line to the top of the file and save your changes:
local all postgres peer
This authentication rule simply tells Postgres that for local connections established to all databases for the user postgres
, authenticate using the peer
protocol.
Note: Some older versions of Postgres prefer the default authentication method of ident, but most modern installations will utilize peer as specified above instead. You may need to test both if your results differ.
Now with your configuration file updated, repeat the steps in the Login and Connect as Default User section to try to connect to as the default postgres
user. Once successful, proceed with changing the password.
Changing the password
With a connection now established to Postgres at the psql
prompt, issue the ALTER USER
command to change the password for the postgres
user:
postgres=# ALTER USER postgres PASSWORD 'myPassword';
ALTER ROLE
If successful, Postgres will output a confirmation of ALTER ROLE
as seen above.
Finally, exit the psql
client by using the \q
command.
postgres=# \q
You’re all done. The default postgres
user now has a password associated with the account for use in your other applications.