<div dir="ltr">>
Yes, Pgpool-II does not do any authetication against PostgreSQL for cached connections because it's already authenticated. For the<br>> authentication between clients and Pgpool-II, Pgpool-II always does it<br>> using pool_passwd.<div><br></div><div>So it doesn't matter if <span style="color:rgb(80,0,80)">enable_pool_hba = off, pgpool still do the authentication with client for </span> cached connections<span style="color:rgb(80,0,80)"> </span></div><div><span style="color:rgb(80,0,80)">And in this case if pool_passwd file not present, authentication should fail ?</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 10, 2019 at 1:06 PM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp">ishii@sraoss.co.jp</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> Hi Tatsuo,<br>
> <br>
> I will share it in a bit (Will have to set it up again pgpool and DB, so it<br>
> will take little time)<br>
> <br>
> I have one more question regardless of previous case<br>
> Suppose enable_pool_hba = off and at DB level only we are doing<br>
> authentication, so in case for cached connection (pgpool to DB), how pgpool<br>
> authorized client because in that case connection is already there between<br>
> pgpool to DB<br>
<br>
Yes, Pgpool-II does not do any authetication against PostgreSQL for<br>
cached connections because it's already authenticated. For the<br>
authentication between clients and Pgpool-II, Pgpool-II always does it<br>
using pool_passwd.<br>
<br>
> Thanks,<br>
> Vandy<br>
> <br>
> On Wed, Jul 10, 2019 at 12:26 PM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp" target="_blank">ishii@sraoss.co.jp</a>> wrote:<br>
> <br>
>> All right. Can you please provide pgpool.conf and full debug log when<br>
>> you execute:<br>
>><br>
>> psql -U mpsroot -p 5432 -h 192.168.1.233 mpsdb<br>
>><br>
>> (You need to add "log_min_messages = debug5" to pgpool.conf and<br>
>> restart Pgpool-II).<br>
>><br>
>> > Hi Tatsuo,<br>
>> ><br>
>> > PostgreSQL is running on 192.168.1.103<br>
>> ><br>
>> > On Wed, Jul 10, 2019 at 11:59 AM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp" target="_blank">ishii@sraoss.co.jp</a>><br>
>> wrote:<br>
>> ><br>
>> >> What is the IP address of the host which PostgreSQL is running on?<br>
>> >> (I assume that Pgpool-II is running on 192.168.1.233).<br>
>> >><br>
>> >> > Hi Tatsuo,<br>
>> >> ><br>
>> >> > When i directly connect to PostgreSQL, it does ask for password<br>
>> >> ><br>
>> >> > On Wed, Jul 10, 2019 at 3:54 AM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp" target="_blank">ishii@sraoss.co.jp</a>><br>
>> wrote:<br>
>> >> ><br>
>> >> >> > ---------- Forwarded message ---------<br>
>> >> >> > From: temp temp <<a href="mailto:ttemp666@gmail.com" target="_blank">ttemp666@gmail.com</a>><br>
>> >> >> > Date: Tue, Jul 9, 2019 at 10:38 PM<br>
>> >> >> > Subject: Re: [pgpool-general: 6626] pgpool Authentication<br>
>> >> >> > To: Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp" target="_blank">ishii@sraoss.co.jp</a>><br>
>> >> >> ><br>
>> >> >> ><br>
>> >> >> >> Regarding pgpool authentication (pgpool 4.2)<br>
>> >> >> >><br>
>> >> >> >> >There's no such a version "4.2". You mean 4.0?<br>
>> >> >> >> My mistake, its 4.0<br>
>> >> >> >><br>
>> >> >> >> > Configuration are<br>
>> >> >> >> ><br>
>> >> >> >> > pgpool.conf<br>
>> >> >> >> > enable_pool_hba = on<br>
>> >> >> >> ><br>
>> >> >> >> > pool_hba.conf<br>
>> >> >> >> > host all all all md5<br>
>> >> >> >> > local all all<br>
>> md5<br>
>> >> >> >><br>
>> >> >> >> >What is your pg_hba.conf?<br>
>> >> >> >><br>
>> >> >> >> > pool_passwd<br>
>> >> >> >> > postgres: "someValue"<br>
>> >> >> >> > mpspostgres: "someValue"<br>
>> >> >> >> ><br>
>> >> >> >> > When i tried to connection to pgpool (with password as<br>
>> >> "someValue")<br>
>> >> >> >> > psql -U mpsroot -p 5432 -h 192.168.1.233 mpsdb<br>
>> >> >> >> ><br>
>> >> >> >> > Que 1 :I am successfully able to connection even though password<br>
>> >> for<br>
>> >> >> >> > mpsroot user is not present in pool_passwd file and axxording to<br>
>> >> >> >> ><br>
>> >> >> >> ><br>
>> >> >> >><br>
>> >> >><br>
>> >><br>
>> <a href="https://pgpool.net/mediawiki/index.php/FAQ#I_created_pool_hba.conf_and_pool_passwd_to_enable_md5_authentication_through_pgpool-II_but_it_does_not_work._Why.3F" rel="noreferrer" target="_blank">https://pgpool.net/mediawiki/index.php/FAQ#I_created_pool_hba.conf_and_pool_passwd_to_enable_md5_authentication_through_pgpool-II_but_it_does_not_work._Why.3F</a><br>
>> >> >> >> > Auth should fail<br>
>> >> >> >><br>
>> >> >> >> >Probably you are of the pattern in the FAQ above.<br>
>> >> >> >><br>
>> >> >> >> >pg_hba.conf pool_hba.conf pool_passwd result<br>
>> >> >> >> >------------------------------------------------------<br>
>> >> >> >> >trust md5 yes no auth<br>
>> >> >> >><br>
>> >> >> >> I don't think above pattern is hit, because i don't have password<br>
>> >> >> mpsroot<br>
>> >> >> >> in pool_passwd<br>
>> >> >> >><br>
>> >> >> >> >If not, please share pg_hba.conf.<br>
>> >> >> >><br>
>> >> >> >> pg_hba.conf<br>
>> >> >> >><br>
>> >> >> >> local all all<br>
>> trust<br>
>> >> >> >> host all all <a href="http://127.0.0.1/32" rel="noreferrer" target="_blank">127.0.0.1/32</a><br>
>> md5<br>
>> >> >> >> host all all <a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">0.0.0.0/0</a> md5<br>
>> >> >> >> host replication primaryuser <a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">0.0.0.0/0</a> md5<br>
>> >> >><br>
>> >> >> When you directly connect to PostgreSQL (no via Pgpool-II), does<br>
>> >> >> PostgreSQL ask password?<br>
>> >> >> --<br>
>> >> >> Tatsuo Ishii<br>
>> >> >> SRA OSS, Inc. Japan<br>
>> >> >> English: <a href="http://www.sraoss.co.jp/index_en.php" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en.php</a><br>
>> >> >> Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
>> >> >><br>
>> >><br>
>><br>
</blockquote></div>