Highlighted
Absent Member.
Absent Member.
1456 views

.pgpass

I cannot seem to run the dsapp utility routines. it is telling me :
psql: Fatal: password authentication failed for the user "datasync_user"
The .pgpass files password portion is encrypted.
the other mobility servers we have it is in clear text.
All versions are 2.0.1 build 53 running on SLES 11 sp3.
Labels (1)
0 Likes
7 Replies
Highlighted
Absent Member.
Absent Member.

Re: .pgpass

Why would the password get encrypted?
Can I decrypt it? or remake the file?



>>> dkamp<NoSpam@myaddress.com> 7/10/2014 3:36 PM >>>


I cannot seem to run the dsapp utility routines. it is telling me :
psql: Fatal: password authentication failed for the user "datasync_user"
The .pgpass files password portion is encrypted.
the other mobility servers we have it is in clear text.
All versions are 2.0.1 build 53 running on SLES 11 sp3.
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: .pgpass

In article <53C90C04.043F.00C6.1@myaddress.com>, Dkamp wrote:
> Why would the password get encrypted?
> Can I decrypt it? or remake the file?


I don't know off hand, but it would be worth a try. Perhaps copy one
from another server on to this one. Just make sure you make a backup
copy of this encrypted one.
There is a bit about this file in the GMS documentation that might be
of some use
https://www.novell.com/documentation/groupwisemobility2/gwmob2_guide_ad
min/data/admin_mgt_backup.html

my deployments appear in the format of
*:*:*:*:ourpassword
(so obviously for any/all databases)

if the first password you try doesn't work, certainly try the root one
as well as any others used on that system.

Sorry for the delay, this one took a bit of digging just to get this
far.


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: .pgpass

Thank You Andy
The layers are being revealed but still unclear.
my .pgpass file was created by me and was as your example and clear text.
I did not knowingly do anything to it.
Now it is
*:*:*:*:(then a big string of seemingly random characters)
I replaced the string with the right password, the vacuum script completed, when the automated weekend script ran to vacuum it failed.
the error indicated a password was not provided. I checked the .pgpass file and the password portion was the big string of characters again.
Something is causing the .pgpass to be encrypted, ust not experienced enough to know.
I did find that the /var/lib/pgsql/pg_hba.conf file has references to requiring md5.

Searching in that direction I found this blurb on a website.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Vacuumdb within crontab
Vacuumdb for postgres is best run in a cron. But when your database user needs a password, export it and the cron will run without a problem. Here is an example of a vacuumdb instance that exports the password and then does a full, quiet, and analyzing vacuumdb on the mydatabase database.

Clean, vacuum and analyze the tripplanning database
0 2 * * * export PGPASSWORD=mypassword && vacuumdb -f -q -z -U postgres -d mydatabase >> /var/log/messages 2>&1

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


Should I try the password Export as it suggests?
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: .pgpass

In article <53D76026.043F.00C6.1@myaddress.com>, Dkamp wrote:
> I replaced the string with the right password, the vacuum script
> completed, when the automated weekend script ran to vacuum it failed.
> The error indicated a password was not provided. I checked the >

.pgpass file and the password portion was the big string of
> characters again.
> Something is causing the .pgpass to be encrypted


What was the time stamp on the .pgpass file? That would give you a
good indication of what might be messing with it. ls -lu will give you
the last accessed time vs the normal ll or ls -l command.
gms:~ # ls -l .pgpass
-rw------- 1 root root 16 Feb 21 18:47 .pgpass
gms:~ # ls -lu .pgpass
-rw------- 1 root root 16 Jul 23 12:20 .pgpass


> I did find that the /var/lib/pgsql/pg_hba.conf file has references
> to requiring md5.

The system I looked at has those as well. If you compare to the other
systems, you will see that there are many of those lines there. The
trick question is if any of them are different


The Export step sounds like a fair thing to try, but I suspect that if
it works, is just a work around.


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Highlighted
Absent Member.
Absent Member.

Resolved

Resolved.
Downloaded the dsapp.sh (version 182) utility, running scripts to use it as opposed to the scripts that was based on the TID 7009453.
For some reason dsapp doesn't seem to want/need the Password.
I am running a cron job that runs "dsapp.sh -vacuum -index"
thanks for pushing me to a solution.

extra info:
These two links indicate true encrypted passwords will not happen.
http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils
http://www.postgresql.org/message-id/5D90A4A7A6AC31449EDDBE18CD1CD0507C26686B@szxeml521-mbx.china.huawei.com




>>> Andy Konecny<konecnya@no-mx.forums.novell.com> 8/3/2014 12:01 AM >>>

In article <53D76026.043F.00C6.1@myaddress.com>, Dkamp wrote:

> I replaced the string with the right password, the vacuum script
> completed, when the automated weekend script ran to vacuum it failed.
> The error indicated a password was not provided. I checked the >

pgpass file and the password portion was the big string of

> characters again.
> Something is causing the .pgpass to be encrypted


What was the time stamp on the .pgpass file? That would give you a
good indication of what might be messing with it. ls -lu will give you
the last accessed time vs the normal ll or ls -l command.
gms:~ # ls -l .pgpass
-rw------- 1 root root 16 Feb 21 18:47 .pgpass
gms:~ # ls -lu .pgpass
-rw------- 1 root root 16 Jul 23 12:20 .pgpass



> I did find that the /var/lib/pgsql/pg_hba.conf file has references
> to requiring md5.

The system I looked at has those as well. If you compare to the other
systems, you will see that there are many of those lines there. The
trick question is if any of them are different


The Export step sounds like a fair thing to try, but I suspect that if
it works, is just a work around.


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: .pgpass

Resolved.
Downloaded the dsapp.sh (version 182) utility, running scripts to use it as opposed to the scripts that was based on the TID 7009453.
For some reason dsapp doesn't seem to want/need the Password.
I am running a cron job that runs "dsapp.sh -vacuum -index"
thanks for pushing me to a solution.

extra info:
These links indicate true encrypted passwords will not happen.
http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils
http://www.postgresql.org/message-id/5D90A4A7A6AC31449EDDBE18CD1CD0507C26686B@szxeml521-mbx.china.huawei.com
http://www.postgresql.org/message-id/20140221142851.GA16533@defunct.ch
http://www.postgresql.org/message-id/20140221162000.GL4759@eldon.alvh.no-ip.org



>>> Andy Konecny<konecnya@no-mx.forums.novell.com> 8/3/2014 12:01 AM >>>

In article <53D76026.043F.00C6.1@myaddress.com>, Dkamp wrote:

> I replaced the string with the right password, the vacuum script
> completed, when the automated weekend script ran to vacuum it failed.
> The error indicated a password was not provided. I checked the >

pgpass file and the password portion was the big string of

> characters again.
> Something is causing the .pgpass to be encrypted


What was the time stamp on the .pgpass file? That would give you a
good indication of what might be messing with it. ls -lu will give you
the last accessed time vs the normal ll or ls -l command.
gms:~ # ls -l .pgpass
-rw------- 1 root root 16 Feb 21 18:47 .pgpass
gms:~ # ls -lu .pgpass
-rw------- 1 root root 16 Jul 23 12:20 .pgpass



> I did find that the /var/lib/pgsql/pg_hba.conf file has references
> to requiring md5.

The system I looked at has those as well. If you compare to the other
systems, you will see that there are many of those lines there. The
trick question is if any of them are different


The Export step sounds like a fair thing to try, but I suspect that if
it works, is just a work around.


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: .pgpass

In article <53BEB2E3.043F.00C6.1@myaddress.com>, Dkamp wrote:
> Resolved.
> Downloaded the dsapp.sh (version 182) utility, running scripts to
> use it as opposed to the scripts that was based on the TID 7009453.
> For some reason dsapp doesn't seem to want/need the Password.
> I am running a cron job that runs "dsapp.sh -vacuum -index"
> thanks for pushing me to a solution.

Glad we got it working for you. Amazing how often it is just that nudge
in the right direction.
Interesting that it worked without feeding a password. I'll have to
see if I can find more about this.

> Extra info:
> These links indicate true encrypted passwords will not happen.

Thank you for the links. Yes password management is always a challenge
as is security as a whole. It doesn't help that most things we work
with didn't have security in mind when they were first baked. This is
a big part of why we have to have layers of security because there is
always a week spot somewhere.


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.