[Pgpool-hackers] hba with pgpool
Taiki Yamaguchi
yamaguchi at sraoss.co.jp
Thu Dec 14 04:20:21 UTC 2006
hi all,
I am planning on porting HBA function from PostgreSQL into pgpool
(Yes, I had said it before. Finally, I am working on it ...).
To distinguish from pg_hba, I'd like to call it pool_hba.
Porting is easy. Copy few functions from PostgreSQL and create our own
pool_hba.conf, which will be the same as pg_hba.conf.
What we need to decide is which function will be supported, and which
will be limited. From what I understand, pgpool currently supports the
following authentication methods.
==========
w/ replication or master/slave mode:
trust, reject, clear text password
w/o replication mode:
trust, reject, clear text password, crypt, md5
==========
Firstly, trust and reject in pool_hba.conf are straight forward. We can
authenticate a user based on IP address, user name, database name, but
not by a group since pgpool do not know what group a user belongs to.
Anyway, I should be able to do this without a problem.
Next, clear text password (and crypt & md5 with replication) will not be
as simple as the first one. To support this, pgpool has to hold its own
user-password information somewhere (may be in a file, like pgpool-II's
pcp module), but that way pgpool has to go through some what major
changes forcing existing users to create users (and groups maybe).
So, I am not sure if supporting the latter methods are worth it. Do you
think users want pool_hba function even though it can only do
trust/reject by IP address, user name and database name?
Any idea/suggestion ?
-- taiki
More information about the Pgpool-hackers
mailing list