This error occurs when a PostgreSQL client attempts to connect to a database but fails to provide authentication credentials. It happens when the user lacks a password, the .pgpass file is misconfigured, or environment variables aren't set properly.
PostgreSQL's libpq authentication layer is rejecting the connection attempt because no password was provided during the authentication handshake. This error typically appears when connecting to a PostgreSQL server that requires password-based authentication (SCRAM-SHA-256, MD5, or plain password methods) but the client hasn't supplied credentials. The error can occur with command-line tools like psql, pg_dump, or programmatic clients that don't handle password input correctly.
Connect to PostgreSQL as a superuser (postgres) and check if the user has a password:
-- List users and their password status
SELECT usename, usecanlogin FROM pg_user WHERE usename = 'yourUsername';
-- Check if password is set (encrypted passwords will be visible)
SELECT usename, valuntil FROM pg_user WHERE usename = 'yourUsername';If the user has no password or valuntil is NULL, you need to set one:
ALTER USER yourUsername WITH PASSWORD 'newPassword';For new users, create them with a password:
CREATE USER newuser WITH PASSWORD 'initialPassword';Create a ~/.pgpass file to store connection credentials securely:
# On Linux/macOS
cat > ~/.pgpass << EOF
localhost:5432:mydatabase:myuser:mypassword
EOF
# Set restrictive permissions (required for pgpass to work)
chmod 600 ~/.pgpassFormat: hostname:port:database:username:password
Use * to match any value:
*:5432:mydatabase:myuser:mypasswordNow psql will use this file automatically:
psql -h localhost -U myuser -d mydatabaseFor non-interactive scripts or quick connections, use the PGPASSWORD environment variable:
export PGPASSWORD='mypassword'
psql -h localhost -U myuser -d mydatabase -c 'SELECT 1;'
unset PGPASSWORDOr inline:
PGPASSWORD='mypassword' psql -h localhost -U myuser -d mydatabaseFor pg_dump:
PGPASSWORD='mypassword' pg_dump -h localhost -U myuser mydatabaseWarning: This method is less secure because environment variables may be visible in process lists. Use .pgpass for regular operations.
If you want to provide a password securely when running psql, use the -W flag to prompt:
psql -h localhost -U myuser -d mydatabase -WThis will prompt you to enter the password interactively:
Password for user myuser:The password is not echoed to the terminal and is not stored in shell history.
Verify that pg_hba.conf allows password authentication for your connection:
# Find pg_hba.conf location (usually in PostgreSQL data directory)
psql -U postgres -c "SHOW hba_file;"
# Check the file (usually /etc/postgresql/version/main/pg_hba.conf on Linux)
cat /etc/postgresql/14/main/pg_hba.confEnsure the authentication method supports password:
# TYPE DATABASE USER ADDRESS METHOD
local all all scram-sha-256
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256Valid password methods: scram-sha-256 (recommended), md5 (legacy), password (plaintext, use only with SSL)
After modifying pg_hba.conf:
sudo systemctl restart postgresqlIf you're setting up a PostgreSQL standby server and see this error during replication, configure primary_conninfo in recovery.conf or postgresql.conf:
# Using password in connection string (less secure)
primary_conninfo = 'host=primary.example.com port=5432 user=replicator password=repPassword'
# Or use .pgpass (more secure)
primary_conninfo = 'host=primary.example.com port=5432 user=replicator'Ensure the .pgpass file on the standby contains:
primary.example.com:5432:replication:replicator:repPasswordWith permissions:
chmod 600 /var/lib/postgresql/.pgpass
chown postgres:postgres /var/lib/postgresql/.pgpassThen restart the standby:
sudo systemctl restart postgresqlPostgreSQL supports multiple password authentication methods: SCRAM-SHA-256 (default in PostgreSQL 10+, most secure), MD5 (legacy, vulnerable), and plain password (only safe over SSL). The SCRAM-SHA-256 method uses a challenge-response mechanism that prevents password sniffing. If you're upgrading from older PostgreSQL versions using MD5, users must reset their passwords after changing pg_hba.conf to SCRAM-SHA-256. For automated backups and scripts, the .pgpass file is preferred over PGPASSWORD because it keeps passwords out of process lists and shell history. On Windows, the password file location is %APPDATA%\postgresql\pgpass.conf. For Docker containers connecting to external PostgreSQL, ensure the password is supplied either via .pgpass mount, environment variables within the container, or connection string parameters. Always verify the connection string format matches what your client library expects.
insufficient columns in unique constraint for partition key
How to fix "insufficient columns in unique constraint for partition key" in PostgreSQL
ERROR 42501: must be owner of table
How to fix "must be owner of table" in PostgreSQL
trigger cannot change partition destination
How to fix "Trigger cannot change partition destination" in PostgreSQL
SSL error: certificate does not match host name
SSL error: certificate does not match host name in PostgreSQL
No SSL connection
No SSL connection to PostgreSQL