Chapter 6. Client Authentication

Table of Contents
6.1. The pool_hba.conf File
6.2. Authentication Methods
6.2.1. Trust Authentication
6.2.2. MD5 Password Authentication
6.2.3. PAM Authentication
6.2.4. GSSAPI Authentication

Since Pgpool-II is a middleware that works between PostgreSQL servers and a PostgreSQL database client, so when a client application connects to the Pgpool-II, Pgpool-II in turn connects to the PostgreSQL servers using the same credentials to serve the incoming client connection. Thus, all the access privileges and restrictions defined for the user in PostgreSQL gets automatically applied to all Pgpool-II clients, with an exceptions of the authentications on PostgreSQL side that depends on the client's IP addresses or host names. Reason being the connections to the PostgreSQL server are made by Pgpool-II on behalf of the connecting clients and PostgreSQL server can only see the IP address of the Pgpool-II server and not that of the actual client. Therefore, for the client host based authentications Pgpool-II has the pool_hba mechanism similar to the pg_hba mechanism for authenticating the incoming client connections.