Skip to content

Peer authentication for local connections #1185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mkrauss opened this issue Mar 17, 2025 · 4 comments
Open

Peer authentication for local connections #1185

mkrauss opened this issue Mar 17, 2025 · 4 comments

Comments

@mkrauss
Copy link

mkrauss commented Mar 17, 2025

I can't seem to find any way to make Skunk connect to a local Postgres with "peer" authentication (https://www.postgresql.org/docs/current/auth-peer.html). This authentication type is the default out-of-the-box for local Postgres connections, on Linux, and I believe MacOS. It is convenient, and secure, for local development. It would most typically be selected by leaving out the host, username, and password, and lets the local operating system authenticate the user as the user running the connecting process. I can live without it, but was surprised to see it seems to be missing.
@mpilquist
Copy link
Member

What errors are you seeing? AFAIK peer authentication should work fine.

@mkrauss
Copy link
Author

mkrauss commented Mar 24, 2025

It may be that I don't understand how to use it? However, I'll mention that the docs say "Skunk currently supports the trust (no password necessary), password, md5 and scram-sha-256 authentication methods." (https://typelevel.org/skunk/reference/Sessions.html), so if peer authentication is supported, the docs are out of date.

If it does work, I would expect it to work by calling, for instance, Session.single, with no host, user, or password arguments, just like invoking psql from the command line. However, while Session.single takes an Option[String] for password, the other parameters are just String.

When I try with host = "localhost", it complains that there is no password:

root[ERROR] skunk.exception.SkunkException: 
root[ERROR] 🔥  
root[ERROR] 🔥  SkunkException
root[ERROR] 🔥  
root[ERROR] 🔥    Problem: Password required.
root[ERROR] 🔥     Detail: The PostgreSQL server requested a password for 'mkrauss' but none was
root[ERROR] 🔥             given.
root[ERROR] 🔥       Hint: Specify a password when constructing your Session or Session pool.
root[ERROR] 🔥

This is not surprising, since localhost says to connect via TCP/IP which wouldn't work for the peer auth, similar to using the cli psql -h localhost which requires a password.

When I try with host = "", it complains that the empty string isn't a valid host:

root[ERROR] skunk.exception.SkunkException: 
root[ERROR] 🔥  
root[ERROR] 🔥  SkunkException
root[ERROR] 🔥  
root[ERROR] 🔥    Problem: Hostname: "" is not syntactically valid.
root[ERROR] 🔥

This is not surprising, either, as the empty string certainly isn't a valid host.

Am I missing something?

@mpilquist
Copy link
Member

Oh sorry, I was incorrect. Folks have manually added in support in the past -- e.g. #928 -- but there's no current built-in support for connecting via unix domain sockets. I'd like to add it before shipping 1.0 though.

@mpilquist
Copy link
Member

Support added in #1192

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mpilquist @mkrauss