2022-05-02 15:44:48,998 [localhost-startStop-1] ERROR org.hibernate.tool.hbm2ddl.SchemaUpdate - HHH000319: Could not get database metadata
java.sql.SQLException: Cannot create PoolableConnectionFactory (FATAL: Ident authentication failed for user "xnat")
at org.apache.commons.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:2294)
at org.apache.commons.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:2039)
Best regards
Anders
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/eeafc183-4e68-4ef9-b477-5e3e05a4b6f5n%40googlegroups.com.
The issue isn’t with XNAT, it’s with your PostgreSQL configuration. There’s a file called pg_hba.conf in your database configuration that controls how authentication is done based on factors like the particular database instance, the user, how the user is accessing the database, e.g. local (via Unix socket), host (TCP), where the connection is coming from, etc. (connections from XNAT to the database always use host connections).
However that’s configured, the role specified for the XNAT database credentials is resolving so that PostgreSQL is using ident authentication and for whatever reason that’s failing. This is okay though because you shouldn’t be using ident authentication anyway!
The drawback of this procedure is that it depends on the integrity of the client: if the client machine is untrusted or compromised, an attacker could run just about any program on port 113 and return any user name they choose. This authentication method is therefore only appropriate for closed networks where each client machine is under tight control and where the database and system administrators operate in close contact. In other words, you must trust the machine running the ident server. Heed the warning:
The Identification Protocol is not intended as an authorization or access control protocol. --RFC 1413
The best way to configure your connection is password authentication using scram-sha-256 or md5. You can add that to your pg_hba.conf specifically for your XNAT database (this presumes that your database is named xnat and the user role is xnat: change accordingly if not):
host xnat xnat 127.0.0.1/24 scram-sha-256
Then just restart the database server:
systemctl restart postgresql.service
And you should be good. You can test this with a simple command:
psql --host=localhost --username=xnat --password
You should be prompted for your password and then see the command-line interface:
# psql --host=localhost --username=xnat --password
Password:
psql (12.10 (Ubuntu 12.10-1.pgdg20.04+1+b1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.
xnat=>
--
Rick Herrick
XNAT Architect/Developer
Computational Imaging Laboratory
Washington University School of Medicine
From: xnat_di...@googlegroups.com <xnat_di...@googlegroups.com> on behalf of Anders Tisell <andt...@gmail.com>
Date: Thursday, May 5, 2022 at 11:06 AM
To: xnat_discussion <xnat_di...@googlegroups.com>
Subject: [XNAT Discussion] Installation of XNAT on redhat 8
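PostgreSQL reads pg_hba.conf top to bottom and uses the first record that matches the connection type, client address, database and user, so the position of the new scram-sha-256 line decides whether it takes effect. The Python check below is an added example, not part of the original thread or of XNAT: the function names and the sample file contents are constructed for illustration, and it handles only local and host records with CIDR addresses.

```python
import ipaddress

def parse_hba(text):
    """Parse local/host records; CIDR addresses only (no hostnames or netmask column)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) >= 4 and f[0] == "local":
            rules.append((lineno, "local", f[1], f[2], None, f[3]))
        elif len(f) >= 5 and f[0] == "host" and "/" in f[3]:
            # strict=False accepts set host bits, e.g. the 127.0.0.1/24 used in the thread
            net = ipaddress.ip_network(f[3], strict=False)
            rules.append((lineno, "host", f[1], f[2], net, f[4]))
    return rules

def _field_matches(field, name):
    # "all" or a comma-separated list of names; other keywords are not handled here
    return field == "all" or name in field.split(",")

def effective_rule(text, conn_type, database, user, client_ip=None):
    """Return (lineno, method) of the first matching record, or None if nothing matches."""
    ip = ipaddress.ip_address(client_ip) if client_ip else None
    for lineno, rtype, dbs, users, net, method in parse_hba(text):
        if rtype != conn_type:
            continue
        if rtype == "host" and ip not in net:   # also False on IPv4/IPv6 mismatch
            continue
        if _field_matches(dbs, database) and _field_matches(users, user):
            return lineno, method
    return None

# Constructed sample: catch-all ident records already present before the edit.
DEFAULTS = """\
local   all   all                  peer
host    all   all   127.0.0.1/32   ident
host    all   all   ::1/128        ident
"""
XNAT_RULE = "host    xnat  xnat  127.0.0.1/24   scram-sha-256\n"

APPENDED = DEFAULTS + XNAT_RULE    # new line placed after the catch-all records
PREPENDED = XNAT_RULE + DEFAULTS   # new line placed ahead of them

if __name__ == "__main__":
    for name, conf in (("appended", APPENDED), ("prepended", PREPENDED)):
        for ip in ("127.0.0.1", "::1"):
            print(name, ip, effective_rule(conf, "host", "xnat", "xnat", ip))
```

In the constructed sample the appended line is never reached, because the earlier 127.0.0.1/32 record matches first. A client that resolves localhost to ::1 is not covered by the IPv4 line at all and falls through to whichever ::1 record exists.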
No idea how to fix it because the log messages are incomplete. Can you reply with the localhost log attached? Also, have a look at the XNAT logs in the folder ${xnat.home}/logs and attach any relevant log messages from there.
The easiest way to do the latter is the following:
Now look through the logs for any error or warning messages. Most likely you’re going either to see nothing–because whatever’s failing is failing before XNAT ever starts logging (although I doubt that, since that message is coming from ApplicationConfig, at which point logging should be initialized)–or something that likely contains the same error messages you see in the Tomcat localhost log. If there is something, send that as well.