I’m trying to make database dumps of my Django site, but Django’s native dumpdata command is rather terrible for large databases, so I want to use pg_dump.
This works:
python
>>> import psycopg2
>>> psycopg2.connect(database='blah',user='blah',password='blah',host='localhost')
This doesn’t work
bash
# psql -U blah blah
psql: FATAL: Ident authentication failed for user "blah"
# pg_dump -U blah blah
pg_dump: [archiver (db)] connection to database "blah" failed: FATAL: Ident authentication failed for user "blah"
My searches suggest that maybe I need to change “ident” to “password” in /etc/postgresql/9.0/main/pg_hba.conf. Is that a reasonable thing to change? Why can’t I get into pg_dump using whatever method already works fine for python psycopg2?
If you supply
-h localhoston the psql/pg_dump command line, it will connect over a TCP socket instead of a unix socket. These can have different authentication methods defined in pg_hba.conf. Since “ident authentication” only applies to unix sockets, it certainly appears that’s what’s going on.Changing pg_hba.conf to use “md5” instead of “ident” for “local” lines (unix sockets) is reasonable, to stick with using the passwords defined in postgresql user accounts instead of expecting the unix username to identify the postgresql username.
In the default Debian config, the line for authenticating as “postgres” is put in separately, so that you can change the default for other users to md5 or trust as you wish, leaving just that one account protected. Istr some mutterings from Postgres users about how Debian/Ubuntu’s default of having “ident” authentication is more confusing than helpful.