<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 26/4/25 20:19, Sbob wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:c47a7eed-501a-4b98-8901-5cd8eb2c5ee4@quadratum-braccas.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <p>All;</p>
      <p>I have setup authentication where I have an md5 line in the
        pool_hba.conf file for a user and I have an md5 password entry
        for the user in the pool_passwd file, and the backend db is
        using scram_sha_256 <br>
      </p>
      <p>I would like to setup the pool users to use scram sha 256 as
        well. I see in the docs that I should use pg_enc to create the
        entry in the pool_passwd file, however pg_enc is complaining
        about a key file.</p>
      <p>I do not understand where I should put the keyfile and what I
        should put in the keyfile.</p>
      <p>I assume that AES is the same as scram sha 256?<br>
      </p>
      <p>I see this in the docs:</p>
      <p> <font color="#813d9c">If you have <tt class="LITERAL">AES</tt>
          encrypted passwords stored in the <a
href="https://www.pgpool.net/docs/latest/en/html/runtime-config-connection.html#GUC-POOL-PASSWD"
            moz-do-not-send="true">pool_passwd</a> file, then <span
            class="PRODUCTNAME">Pgpool-II</span> will require the
          decryption key to decrypt the passwords before using them, <span
            class="PRODUCTNAME">Pgpool-II</span> tries to read the
          decryption key at startup from the <tt class="FILENAME">.pgpoolkey</tt>
          file. <tt class="FILENAME">.pgpoolkey</tt> is a plain text
          file which contains the decryption key string. </font></p>
      <p><font color="#813d9c"> By default the <span
            class="PRODUCTNAME">Pgpool-II</span> will look for the <tt
            class="FILENAME">.pgpoolkey</tt> file in the user's home
          directory or the file referenced by environment variable <tt
            class="LITERAL">PGPOOLKEYFILE</tt>. You can also specify the
          key file using the (-k, --key-file=KEY_FILE) command line
          argument to the <a
href="https://www.pgpool.net/docs/latest/en/html/pgpool.html"
            moz-do-not-send="true">pgpool</a> command. The permissions
          on .pgpoolkey must disallow any access to world or group.
          Change the file permissions by the command <tt
            class="COMMAND">chmod 0600 ~/.pgpoolkey</tt>. </font></p>
      <p><br>
        but I am still un-sure what I put in the keyfile</p>
    </blockquote>
    <p><a class="moz-txt-link-freetext" href="https://www.pgpool.net/docs/latest/en/html/auth-aes-encrypted-password.html">https://www.pgpool.net/docs/latest/en/html/auth-aes-encrypted-password.html</a></p>
    <p>~/.pgpoolkey</p>
    <blockquote type="cite"
cite="mid:c47a7eed-501a-4b98-8901-5cd8eb2c5ee4@quadratum-braccas.com">
      <p><br>
      </p>
      <p>Thanks in advance<br>
      </p>
      <p><br>
      </p>
      <p><br>
      </p>
      <br>
      <fieldset class="moz-mime-attachment-header"></fieldset>
      <pre wrap="" class="moz-quote-pre">_______________________________________________
pgpool-general mailing list
<a class="moz-txt-link-abbreviated" href="mailto:pgpool-general@pgpool.net">pgpool-general@pgpool.net</a>
<a class="moz-txt-link-freetext" href="http://www.pgpool.net/mailman/listinfo/pgpool-general">http://www.pgpool.net/mailman/listinfo/pgpool-general</a>
</pre>
    </blockquote>
  </body>
</html>