[Bucardo-general] Peer authentication error preventing herd creation

Nelson, Alexander J. alexander.nelson at nist.gov
Mon Jul 20 20:22:40 UTC 2015

Hello all,

I am interested in trying Bucardo for a database-to-database publishing application.  Full-on Postgres replication is not semantically appropriate in this application.  However, I'm having a pervasive authentication issue with getting Bucardo running and doing anything interesting.  It has been somewhat explored on this mailing list before, but I haven't been able to dig up a satisfactory resolution from the archives.  If I can't resolve this issue, I'll have to abandon trying to use Bucardo.

Bucardo suffers from 'peer' authentication failures, even when the pg_hba.conf authentication mode is 'trust'.  Peer authentication ultimately prevents adding a replication herd, though that appears to be an accident requiring two separate bugs, if peer authentication is a bug.

I am seeing the same issue as Marc-Emmanuel Ramage, who did not receive a reply from his message:

This thread has a resolution, using the 'trust' authentication method to get things set up and then moving on to something more secure:
That advice worked for me, using this pg_hba.conf line (inserted in the appropriate place):

    host bucardo bucardo trust

Awkwardly, this is not working:

    local bucardo bucardo peer

Shell transcript of trying to use Bucardo in 'peer' authentication mode:

    + sudo -u bucardo bucardo status
    DBI connect('dbname=bucardo;host=localhost;port=5432','bucardo',...) failed: FATAL:  password authentication failed for user "bucardo"
    FATAL:  password authentication failed for user "bucardo" at /usr/bin/bucardo line 267.

The .pgpass file exists, with what looks like the right permissions:

    + sudo ls -la ~bucardo/.pgpass
    -rw------- 1 bucardo bucardo 68 Jul 20 14:19 /var/lib/bucardo/.pgpass

So, this appears to be a replication of the issue Greg Mullane noted:
In lieu of coming onto IRC and trying to catch up, I've attached a setup shell script, 'fail-peer.sh', that reproduces the issue in a fresh, patched Ubuntu 14.04 VM.  I've added comments explaining the lines.

Unfortunately, using 'trust' only gets me up to, not through, the point of being able to create a herd.  I've attached another shell script, 'fail-herd.sh', that tries to bypass authentication issues by just using 'trust', but 'peer' authentication somehow comes up when trying to create a herd from the wiki instructions.  If you run 'fail-herd.sh' in a fresh, patched Ubuntu 14.04 VM, you and I will be on the same page.

My Perl knowledge isn't great, so I'm stuck on investigating the issue further.  (For one thing, I don't understand why the context function is "validate_goat" while the containing function appears to be "add_all_goats.")  However, from the database statement in the error message, could it be that the Postgres server needs to be specified?

I can tell that people are doing useful work with Bucardo, and I'd like to be able to do the same.  I hope someone can help with this issue, and I hope further that there is just some elementary Postgres error I'm making.  Since I'm not the first person to be making this error, this may warrant a wiki update.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: fail-peer.sh
Type: application/octet-stream
Size: 2420 bytes
Desc: fail-peer.sh
URL: <https://mail.endcrypt.com/pipermail/bucardo-general/attachments/20150720/cc946bf8/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fail-herd.sh
Type: application/octet-stream
Size: 4462 bytes
Desc: fail-herd.sh
URL: <https://mail.endcrypt.com/pipermail/bucardo-general/attachments/20150720/cc946bf8/attachment-0001.obj>

More information about the Bucardo-general mailing list