.pgpass

I cannot seem to run the dsapp utility routines. it is telling me :
psql: Fatal: password authentication failed for the user "datasync_user"
The .pgpass files password portion is encrypted.
the other mobility servers we have it is in clear text.
All versions are 2.0.1 build 53 running on SLES 11 sp3.
  • Why would the password get encrypted?
    Can I decrypt it? or remake the file?



    >>> dkamp<NoSpam@myaddress.com> 7/10/2014 3:36 PM >>>


    I cannot seem to run the dsapp utility routines. it is telling me :
    psql: Fatal: password authentication failed for the user "datasync_user"
    The .pgpass files password portion is encrypted.
    the other mobility servers we have it is in clear text.
    All versions are 2.0.1 build 53 running on SLES 11 sp3.
  • In article <53C90C04.043F.00C6.1@myaddress.com>, Dkamp wrote:
    > Why would the password get encrypted?
    > Can I decrypt it? or remake the file?


    I don't know off hand, but it would be worth a try. Perhaps copy one
    from another server on to this one. Just make sure you make a backup
    copy of this encrypted one.
    There is a bit about this file in the GMS documentation that might be
    of some use
    https://www.novell.com/documentation/groupwisemobility2/gwmob2_guide_ad
    min/data/admin_mgt_backup.html

    my deployments appear in the format of
    *:*:*:*:ourpassword
    (so obviously for any/all databases)

    if the first password you try doesn't work, certainly try the root one
    as well as any others used on that system.

    Sorry for the delay, this one took a bit of digging just to get this
    far.


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!

  • Thank You Andy
    The layers are being revealed but still unclear.
    my .pgpass file was created by me and was as your example and clear text.
    I did not knowingly do anything to it.
    Now it is
    *:*:*:*:(then a big string of seemingly random characters)
    I replaced the string with the right password, the vacuum script completed, when the automated weekend script ran to vacuum it failed.
    the error indicated a password was not provided. I checked the .pgpass file and the password portion was the big string of characters again.
    Something is causing the .pgpass to be encrypted, ust not experienced enough to know.
    I did find that the /var/lib/pgsql/pg_hba.conf file has references to requiring md5.

    Searching in that direction I found this blurb on a website.

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Vacuumdb within crontab
    Vacuumdb for postgres is best run in a cron. But when your database user needs a password, export it and the cron will run without a problem. Here is an example of a vacuumdb instance that exports the password and then does a full, quiet, and analyzing vacuumdb on the mydatabase database.

    Clean, vacuum and analyze the tripplanning database
    0 2 * * * export PGPASSWORD=mypassword
  • In article <53D76026.043F.00C6.1@myaddress.com>, Dkamp wrote:
    > I replaced the string with the right password, the vacuum script
    > completed, when the automated weekend script ran to vacuum it failed.
    > The error indicated a password was not provided. I checked the >

    .pgpass file and the password portion was the big string of
    > characters again.
    > Something is causing the .pgpass to be encrypted


    What was the time stamp on the .pgpass file? That would give you a
    good indication of what might be messing with it. ls -lu will give you
    the last accessed time vs the normal ll or ls -l command.
    gms:~ # ls -l .pgpass
    -rw------- 1 root root 16 Feb 21 18:47 .pgpass
    gms:~ # ls -lu .pgpass
    -rw------- 1 root root 16 Jul 23 12:20 .pgpass


    > I did find that the /var/lib/pgsql/pg_hba.conf file has references
    > to requiring md5.

    The system I looked at has those as well. If you compare to the other
    systems, you will see that there are many of those lines there. The
    trick question is if any of them are different


    The Export step sounds like a fair thing to try, but I suspect that if
    it works, is just a work around.


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!

  • Resolved.
    Downloaded the dsapp.sh (version 182) utility, running scripts to use it as opposed to the scripts that was based on the TID 7009453.
    For some reason dsapp doesn't seem to want/need the Password.
    I am running a cron job that runs "dsapp.sh -vacuum -index"
    thanks for pushing me to a solution.

    extra info:
    These two links indicate true encrypted passwords will not happen.
    http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils
    http://www.postgresql.org/message-id/5D90A4A7A6AC31449EDDBE18CD1CD0507C26686B@szxeml521-mbx.china.huawei.com




    >>> Andy Konecny<konecnya@no-mx.forums.novell.com> 8/3/2014 12:01 AM >>>

    In article <53D76026.043F.00C6.1@myaddress.com>, Dkamp wrote:

    > I replaced the string with the right password, the vacuum script
    > completed, when the automated weekend script ran to vacuum it failed.
    > The error indicated a password was not provided. I checked the >

    pgpass file and the password portion was the big string of

    > characters again.
    > Something is causing the .pgpass to be encrypted


    What was the time stamp on the .pgpass file? That would give you a
    good indication of what might be messing with it. ls -lu will give you
    the last accessed time vs the normal ll or ls -l command.
    gms:~ # ls -l .pgpass
    -rw------- 1 root root 16 Feb 21 18:47 .pgpass
    gms:~ # ls -lu .pgpass
    -rw------- 1 root root 16 Jul 23 12:20 .pgpass



    > I did find that the /var/lib/pgsql/pg_hba.conf file has references
    > to requiring md5.

    The system I looked at has those as well. If you compare to the other
    systems, you will see that there are many of those lines there. The
    trick question is if any of them are different


    The Export step sounds like a fair thing to try, but I suspect that if
    it works, is just a work around.


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
  • Resolved.
    Downloaded the dsapp.sh (version 182) utility, running scripts to use it as opposed to the scripts that was based on the TID 7009453.
    For some reason dsapp doesn't seem to want/need the Password.
    I am running a cron job that runs "dsapp.sh -vacuum -index"
    thanks for pushing me to a solution.

    extra info:
    These links indicate true encrypted passwords will not happen.
    http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils
    http://www.postgresql.org/message-id/5D90A4A7A6AC31449EDDBE18CD1CD0507C26686B@szxeml521-mbx.china.huawei.com
    http://www.postgresql.org/message-id/20140221142851.GA16533@defunct.ch
    http://www.postgresql.org/message-id/20140221162000.GL4759@eldon.alvh.no-ip.org



    >>> Andy Konecny<konecnya@no-mx.forums.novell.com> 8/3/2014 12:01 AM >>>

    In article <53D76026.043F.00C6.1@myaddress.com>, Dkamp wrote:

    > I replaced the string with the right password, the vacuum script
    > completed, when the automated weekend script ran to vacuum it failed.
    > The error indicated a password was not provided. I checked the >

    pgpass file and the password portion was the big string of

    > characters again.
    > Something is causing the .pgpass to be encrypted


    What was the time stamp on the .pgpass file? That would give you a
    good indication of what might be messing with it. ls -lu will give you
    the last accessed time vs the normal ll or ls -l command.
    gms:~ # ls -l .pgpass
    -rw------- 1 root root 16 Feb 21 18:47 .pgpass
    gms:~ # ls -lu .pgpass
    -rw------- 1 root root 16 Jul 23 12:20 .pgpass



    > I did find that the /var/lib/pgsql/pg_hba.conf file has references
    > to requiring md5.

    The system I looked at has those as well. If you compare to the other
    systems, you will see that there are many of those lines there. The
    trick question is if any of them are different


    The Export step sounds like a fair thing to try, but I suspect that if
    it works, is just a work around.


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
  • In article <53BEB2E3.043F.00C6.1@myaddress.com>, Dkamp wrote:
    > Resolved.
    > Downloaded the dsapp.sh (version 182) utility, running scripts to
    > use it as opposed to the scripts that was based on the TID 7009453.
    > For some reason dsapp doesn't seem to want/need the Password.
    > I am running a cron job that runs "dsapp.sh -vacuum -index"
    > thanks for pushing me to a solution.

    Glad we got it working for you. Amazing how often it is just that nudge
    in the right direction.
    Interesting that it worked without feeding a password. I'll have to
    see if I can find more about this.

    > Extra info:
    > These links indicate true encrypted passwords will not happen.

    Thank you for the links. Yes password management is always a challenge
    as is security as a whole. It doesn't help that most things we work
    with didn't have security in mind when they were first baked. This is
    a big part of why we have to have layers of security because there is
    always a week spot somewhere.


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!