
Version 6.0.3 Login

I have just noticed a strange behavior in the 6.0.3 Windows Client Login Screen.

I always enter in the username and password, but this time in my haste, I just hit Log In without the credentials.

And I was logged in with my usual credentials. I have repeated this several times. The only issue is that I don't see the entire menu.

I can confirm my login, because at the top it says wwdev as bekosko

Has anyone seen this type of behavior in the client?

Thank you

Bob

I have seen this across multiple versions actually. I don’t know exactly when it happened but there are multiple weird login behaviors.

Sometimes I can log in without entering any credentials at all. Sometimes I only have to enter the password and sometimes I can skip the password.

It's hard to remember specifically which version does what, but I can confirm that you are not alone.

Thank you Caleb,

It is strange because this only works on our DEV xTuple.
I try this on our PROD xTuple and it fails.

???

xTuple uses the PostgreSQL driver libpq to connect to the database, and as such it follows the same behaviors that libpq has. One of these is that it supports reading from the .pgpass file if you have one on your computer, detailed here: https://www.postgresql.org/docs/11/libpq-pgpass.html. So if you have saved your username and password in something that uses the .pgpass, such as pgAdmin, xTuple will be able to read that file and can sign in as you as long as the server name matches. This includes being able to leave off both the username and password as long as they can be read from that file.

Even if .pgpass doesn’t exist, libpq will assume the currently logged in user as the username, so if you are logged in to your OS as bekosko and hit login in xTuple, it will assume that as the username even if you don’t enter it. If that is the same as in PostgreSQL, it can match what is in .pgpass and sign in that way.

Lastly, PostgreSQL has a file on the server, pg_hba.conf, which is what controls access to the server and databases based on host lines: https://www.postgresql.org/docs/current/auth-pg-hba-conf.html. This can be configured with the auth-method of trust, which, as it sounds, will allow any connection that matches this line in the pg_hba.conf in without a password if you told it to.

As a best practice, avoid using trust lines in pg_hba.conf except under limited instances where you may be granting access to a specific individual computer for purposes such as backup or ETL or something. If you want to make your life easier on sign in, use the .pgpass file locally on your computer, but protect it, as it will contain the password in plain text.

David

1 Like
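
The client-side lookup described in the reply above, as an added example (not code from xTuple or libpq): a simplified Python model of how a blank username falls back to the OS account name and a blank password is filled from the first matching .pgpass line. The host names, the wwprod database, the svc_backup role and the passwords are constructed, and the model ignores libpq's special handling of localhost and Unix sockets.

```python
import getpass

# Constructed sample in .pgpass format: hostname:port:database:username:password
SAMPLE_PGPASS = """\
# saved by a tool such as pgAdmin (constructed values)
dev-db.example.internal:5432:*:bekosko:dev-secret
prod-db.example.internal:5432:wwprod:svc_backup:backup\\:secret
"""

def split_pgpass_line(line):
    """Split on unescaped ':'; a backslash escapes the next character."""
    fields, cur, i = [], "", 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur += line[i + 1]
            i += 2
            continue
        if ch == ":":
            fields.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    fields.append(cur)
    return fields

def resolve_login(pgpass_text, host, port, dbname, user="", os_user=None):
    """Return (effective_user, password or None) when no password is typed."""
    user = user or os_user or getpass.getuser()  # blank user -> OS account name
    want = (host, str(port), dbname, user)
    for raw in pgpass_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_pgpass_line(line)
        if len(fields) < 5:
            continue
        # First line whose four leading fields match (or are '*') wins.
        if all(f == "*" or f == w for f, w in zip(fields[:4], want)):
            return user, ":".join(fields[4:])
    return user, None

if __name__ == "__main__":
    # Both login fields left blank while signed in to the OS as bekosko:
    print(resolve_login(SAMPLE_PGPASS, "dev-db.example.internal", 5432, "wwdev", os_user="bekosko"))
    print(resolve_login(SAMPLE_PGPASS, "prod-db.example.internal", 5432, "wwprod", os_user="bekosko"))
```

A `None` password means the client has nothing to send, so the login succeeds only if the server's pg_hba.conf line for that connection uses trust.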

Thank you David,

now everything makes sense.