我想为我在 Amazon Linux ec2 服务器上设置的 psql 数据库添加密码保护。我只希望可以通过服务器实例访问数据库(我通过 putty 连接到服务器),并且只能通过密码身份验证。
以前,我的 pg_hba.conf (位于 /var/lib/pgsql/data/)看起来像这样(用户:全部,方法:信任):
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all postgres trust
# IPv4 local connections:
host all postgres 127.0.0.1/32 trust
# IPv6 local connections:
host all postgres ::1/128 trust
# replication privilege.
local replication postgres trust
host replication postgres 127.0.0.1/32 trust
host replication postgres ::1/128 trust
为了保护它,我将其更改为这样(用户:postgres,方法:scram-sha-256):
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all scram-sha-256
# IPv4 local connections:
host all all 127.0.0.1/32 scram-sha-256
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all scram-sha-256
host replication all 127.0.0.1/32 scram-sha-256
host replication all ::1/128 scram-sha-256
要设置密码,我使用了(进入postgres终端):
[ec2-user@AWS]: sudo -u postgres psql
然后我跑:
postgres=# ALTER ROLE postgres PASSWORD 'new_password';
我收到:
ALTER ROLE
然后当我退出 postgres 终端并更改为 postgres 用户时:
[ec2-user@AWS]: su - postgres
系统提示我输入密码。 我输入之前设置的:
Password: 'new_password'
我得到:
su: Authentification failure
我错过了什么..?
在更改密码之前,您必须将
password_encryption
设置为 scram-sha-256
并重新加载服务器。 scram-sha-256
身份验证仅适用于 scram-sha-256
哈希密码。