I understand that, upon installation, PostgreSQL has no password for its db root user (postgres):
postgres=# select usename, passwd is null from pg_shadow;
usename | ?column?
----------+----------
postgres | t
(1 row)
… and one is advised to set it with:
alter role postgres password '<<very-secret>>';
(and then update the pg_hba.conf file accordingly)
My question is: what is the SQL to use to revert back to the previous situation when no password was needed for user postgres.
In general, how can I remove the password requirement for any role? I am not asking how to change the password but rather how to remove the password requirement (null passwd column in table pg_shadow).
Best Answer
Whether a password is required or not has nothing to do with
pg_shadowand whether a password is actually defined for the user. Yes, I know, that's weird.pg_hba.confcontrols the authentication method. If you want to request a password, usemd5authentication. If you want to allow login with no password to anyone, usetrust. If you want to require the same username in the operating system as in PostgreSQL, usepeer(UNIX, only for local connections) orsspi(Windows).If there's a password set, but
pg_hba.confdoesn't tell PostgreSQL to ask for it, the password is ignored.If
pg_hba.conftells PostgreSQL to ask for a password but there's none set, then all login attempts will fail no matter what password is supplied.