[pgpool-general: 1526] [pgPool-II 3.2.3] MD5 authentication and username longer than 32 characters.

Thomas Martin tmartincpp at gmail.com
Wed Mar 27 22:48:14 JST 2013


Hello everyone.

I compiled pgPool-II 3.2.3 and try to use md5 authentication on pgpool
and postgresql.
Everything is working fine expect for users with more than 32
characters in their name.


Example with pgpool in replication mode and two postgresql nodes.

1) Pgpool and postgresql are configured to use md5 for everything (all
users, all hosts).


2) I created a user with a name of 32 characters
(abcdefghijklmnopqrstuvwxyzabcdef) and another one with 33 characters
(abcdefghijklmnopqrstuvwxyzabcdefg):

a) Both postgresqls configuration:
postgres=# SELECT * FROM pg_authid WHERE
rolname='abcdefghijklmnopqrstuvwxyzabcdef' OR
rolname='abcdefghijklmnopqrstuvwxyzabcdefg';              rolname
        | rolsuper | rolinherit | rolcreaterole | rolcreatedb |
rolcatupdate | rolcanlogin | rolconnlimit |             rolpassword
         | rolvaliduntil
-----------------------------------+----------+------------+---------------+-------------+--------------+-------------+--------------+-------------------------------------+---------------
 abcdefghijklmnopqrstuvwxyzabcdef  | f        | t          | f
    | f           | f            | t           |           -1 |
md575fa91abcca51c07330b0a9559670646 |
 abcdefghijklmnopqrstuvwxyzabcdefg | f        | t          | f
    | f           | f            | t           |           -1 |
md5f753edf600600a57fd8423a2b32f92b9 |

b) pool_passwd for pgPool is like this:
# grep abcdefghijklmnopqrstuvwxyzabcdef pool_passwd
abcdefghijklmnopqrstuvwxyzabcdefmd575fa91abcca51c07330b0a9559670646
abcdefghijklmnopqrstuvwxyzabcdefg:md5f753edf600600a57fd8423a2b32f92b9


3) pgpass is correctly configured:
# grep abcdefghijklmnopqrstuvwxyzabcdef .pgpass
*:5432:*:abcdefghijklmnopqrstuvwxyzabcdef:testtest
*:5432:*:abcdefghijklmnopqrstuvwxyzabcdefg:testtest


4) I can connect directly to both postgresqls with both users:
# psql -h postgresql1 db -U abcdefghijklmnopqrstuvwxyzabcdef -c
"SELECT 1;" ; psql -h postgresql2 db -U
abcdefghijklmnopqrstuvwxyzabcdef -c "SELECT 1;"
 ?column?
----------
        1
(1 row)

 ?column?
----------
        1
(1 row)
# psql -h postgresql1 db -U abcdefghijklmnopqrstuvwxyzabcdefg -c
"SELECT 1;" ; psql -h postgresql2 db -U
abcdefghijklmnopqrstuvwxyzabcdefg -c "SELECT 1;"
 ?column?
----------
        1
(1 row)

 ?column?
----------
        1


5) But the pgpool's authentication is only working for the 32 characters user:
# psql -h pgpool db -U abcdefghijklmnopqrstuvwxyzabcdef -c "SELECT 1;"
 ?column?
----------
        1
(1 row)
# psql -h pgpool db -U abcdefghijklmnopqrstuvwxyzabcdefg -c "SELECT 1;"
psql: ERROR:  "MD5" authentication with pgpool failed for user
"abcdefghijklmnopqrstuvwxyzabcdefg"


6) Finally if I try to change the password of the 33 characters
username with pg_md5 the entry is duplicated instead of overwrited:
# grep abcdefghijklmnopqrstuvwxyzabcdefg /etc/itf-pgpool2/pool_passwd
abcdefghijklmnopqrstuvwxyzabcdefg:md5f753edf600600a57fd8423a2b32f92b9
# pg_md5 -p -m -u abcdefghijklmnopqrstuvwxyzabcdefg
password:
# grep abcdefghijklmnopqrstuvwxyzabcdefg /etc/itf-pgpool2/pool_passwd
abcdefghijklmnopqrstuvwxyzabcdefg:md5f753edf600600a57fd8423a2b32f92b9
abcdefghijklmnopqrstuvwxyzabcdefg:md570cf6675cfa0b963085cd7aa75d302f9



Does anyone experienced an issue like this?
I double-checked everything and I'm pretty sure there is no mistake in
my configuration.

I take a short look to the source code (unfortunately I'm not really
friend with C) and it seems that the supposed limitation is 128.

Thanks for reading me until this ;)

Thomas


More information about the pgpool-general mailing list