Close

How to set the default user password in PostgreSQL

Posted by: AJ Welch

Firstly, it is important to understand that for most Unix distributions, the default Postgres user neither requires nor uses a password for authentication. Instead, depending how Postgres was originally installed and what version you are using, the default authentication method will either be ident or peer.

ident authentication uses the operating system’s identification server running at TCP port 113 to verify the user’s credentials.

peer authentication on the other hand, is used for local connections and verifies that the logged in username of the operating system matches the username for the Postgres database.


Login and connect as default user


For most systems, the default Postgres user is postgres and a password is not required for authentication. Thus, to add a password, we must first login and connect as the postgres user.

$ sudo -u postgres psql

If you successfully connected and are viewing the psql prompt, jump down to the Changing the Password section.

If you received an error stating that the database “postgres” doesn’t exist, try connecting to the template1 database instead and if successful, continue to Changing the Password.

$ sudo -u postgres psql template1

Authentication error


If you receive an authentication error when attempting to connect to the psql client, you may need to alter the Postgres authentication config file (pg_hfa.conf).

Open the config file, typically located at /etc/postgresql/#.#/main/pg_hba.conf, where #.# is the Postgres version you are using:

$ sudo nano /etc/postgresql/9.3/main/pg_hba.conf

The auth config file is a list of authentication rules. Scroll down the file until you locate the first line displaying the postgres user in the third column (if such a line exists). Uncomment the line if necessary (remove the semicolon), or otherwise if the line is missing entirely, add the following line to the top of the file and save your changes:

local all postgres peer

This authentication rule simply tells Postgres that for local connections established to all databases for the user postgres, authenticate using the peer protocol.

Note: Some older versions of Postgres prefer the default authentication method of ident, but most modern installations will utilize peer as specified above instead. You may need to test both if your results differ.

Now with your configuration file updated, repeat the steps in the Login and Connect as Default User section to try to connect to as the default postgres user. Once successful, proceed with changing the password.

Changing the password


With a connection now established to Postgres at the psql prompt, issue the ALTER USER command to change the password for the postgres user:

postgres=# ALTER USER postgres PASSWORD 'myPassword';
ALTER ROLE

If successful, Postgres will output a confirmation of ALTER ROLE as seen above.

Finally, exit the psql client by using the \q command.

postgres=# \q

You’re all done. The default postgres user now has a password associated with the account for use in your other applications.