The "FATAL: Ident authentication failed for user" error occurs when PostgreSQL authentication method is set to ident but the operating system username does not match the PostgreSQL database username. This typically affects local connections and requires changing pg_hba.conf to use password authentication instead.
PostgreSQL uses the ident authentication method to verify user identity by asking the operating system to confirm which user initiated the database connection. When ident authentication is enabled, PostgreSQL compares the OS username against the requested database user. If they do not match (and no mapping is configured), the connection is rejected. The error is fatal because PostgreSQL terminates the connection immediately during the authentication phase, before any SQL commands can be executed. This method is designed for trusted local networks where the OS user identity reliably corresponds to the database user, but it is incompatible with application servers, containers, and remote connections that use different OS and database user identities. On modern systems, ident authentication is considered legacy. PostgreSQL now recommends password-based authentication (MD5, SCRAM-SHA-256) for better security and flexibility.
The pg_hba.conf file controls PostgreSQL authentication rules. Find its location:
# Query from psql (if you can connect as the postgres OS user):
sudo -u postgres psql -c "SHOW hba_file;"
# Common file locations:
/var/lib/postgresql/VERSION/main/pg_hba.conf # Debian/Ubuntu
/var/lib/pgsql/VERSION/data/pg_hba.conf # RHEL/CentOS/Oracle Linux
/usr/local/var/postgres/pg_hba.conf # macOS Homebrew (Intel)
/opt/homebrew/var/postgres/pg_hba.conf # macOS Homebrew (Apple Silicon)View the file to check the current authentication method:
cat /var/lib/postgresql/14/main/pg_hba.confThe recommended fix is to replace ident with password-based authentication. This allows connections using usernames and passwords instead of OS user identity.
# Backup the original file:
sudo cp /var/lib/postgresql/14/main/pg_hba.conf /var/lib/postgresql/14/main/pg_hba.conf.backup
# Edit the file with sudo:
sudo nano /var/lib/postgresql/14/main/pg_hba.confFind lines containing "ident":
local all all ident
host all all 127.0.0.1/32 ident
host all all ::1/128 identChange them to:
local all all scram-sha-256
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256For PostgreSQL 9.x or older systems, use "md5" instead of "scram-sha-256". SCRAM-SHA-256 is more secure and is the modern default.
After modifying pg_hba.conf, reload the configuration without stopping the database (preferred) or perform a full restart.
# Reload configuration (does not disconnect existing clients):
sudo systemctl reload postgresql
# Alternative reload methods:
sudo -u postgres pg_ctl reload -D /var/lib/postgresql/14/main
sudo killall -HUP postgres
# If reload does not work, restart the service:
sudo systemctl restart postgresql
# Verify PostgreSQL is running:
sudo systemctl status postgresqlPassword authentication requires that the database user has a password set. If no password exists, create one.
# Connect as the postgres OS user (if using peer auth for that user):
sudo -u postgres psql
# Inside psql, set or update the password:
alter user postgres with password 'your_secure_password';
# Verify the user exists:
\du
# Exit psql:
\quitReplace "postgres" and "your_secure_password" with your actual database user and a strong password.
Verify the fix by connecting with the password you just set.
# Connect using password prompt (replace username and host as needed):
psql -U postgres -h 127.0.0.1 -W
# Alternatively, provide password via PGPASSWORD environment variable:
PGPASSWORD="your_password" psql -U postgres -h 127.0.0.1 -d postgres
# If the connection succeeds, run a simple query:
select version();If you can execute the query without "Ident authentication failed" error, the fix is complete.
If connecting from a remote host, ensure PostgreSQL is configured to accept remote connections.
# Check the listen_addresses setting in postgresql.conf:
sudo grep "^listen_addresses" /etc/postgresql/14/main/postgresql.conf
# Should show:
listen_addresses = 'localhost' # for local only
listen_addresses = '*' # for all interfaces (less secure)
listen_addresses = '192.168.1.100' # for specific IP
# If you need to change it, edit postgresql.conf:
sudo nano /etc/postgresql/14/main/postgresql.conf
# Restart PostgreSQL to apply:
sudo systemctl restart postgresql
# Verify remote connections in pg_hba.conf are set to password auth, not ident:
grep "^host" /var/lib/postgresql/14/main/pg_hba.confAll TCP/IP connections (from remote hosts) must use password, SCRAM, or certificate authentication. Ident is not supported for remote connections.
Ident authentication (RFC 1413) is a legacy method intended only for trusted local networks. The ident protocol assumes the client's ident server (identd) honestly reports the OS user, making it unsuitable for untrusted networks, containers, or cloud environments.
PostgreSQL 10+ strongly prefers SCRAM-SHA-256 over MD5 due to cryptographic weaknesses in MD5. If your system supports it, always use SCRAM-SHA-256 for new installations or when upgrading authentication configurations.
For Docker containers, ident authentication will never work because the container OS user identity cannot map to the host. Use password or SCRAM authentication exclusively in containerized deployments.
To debug ident failures, enable PostgreSQL logging:
ALTER SYSTEM SET log_connections = on;
ALTER SYSTEM SET log_disconnections = on;
SELECT pg_reload_conf();Then check /var/log/postgresql/postgresql.log for detailed authentication attempt information.
On macOS with Homebrew, the default pg_hba.conf often uses "trust" for local connections (no authentication), which is convenient for development but insecure in any shared or networked setup. Change "trust" to "scram-sha-256" or "md5" for production systems.
ERROR: syntax error at end of input
Syntax error at end of input in PostgreSQL
Bind message supplies N parameters but prepared statement requires M
Bind message supplies N parameters but prepared statement requires M in PostgreSQL
Multidimensional arrays must have sub-arrays with matching dimensions
Multidimensional arrays must have sub-arrays with matching dimensions
ERROR: value too long for type character varying
Value too long for type character varying
insufficient columns in unique constraint for partition key
How to fix "insufficient columns in unique constraint for partition key" in PostgreSQL