View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000262 | Pgpool-II | Bug | public | 2016-11-17 00:36 | 2016-12-06 07:58 |
| Reporter | atan | Assigned To | t-ishii | ||
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | open | ||
| Platform | Linux | OS | Centos | OS Version | 7 |
| Product Version | 3.5.4 | ||||
| Summary | 0000262: md5 authentification is broken REOPEN of #196 | ||||
| Description | Hi, I have the same problem as is described here: http://pgpool.net/mantisbt/view.php?id=196&nbn=8 If there is a user in pool_passwd, it is possible to connect without any (or with any) password using this user. And it is not caused by connection pooling. | ||||
| Steps To Reproduce | pool_hba.conf:<br>`hostssl all all 0.0.0.0/0 md5`<br><br>pool_passwd:<br>`foo:md596948aad3fcae80c08a35c9b5958cd89` <- bar<br><br>`psql -h x.x.x.x -U foo -d test` <- no password<br>`psql (9.5.4, server 9.6.1)`<br>`WARNING: psql major version 9.5, server major version 9.6.`<br>`Some psql features might not work.`<br>`SSL connection (protocol: TLSv1.2, cipher: AES256-GCM-SHA384, bits: 256, compression: off)`<br>`Type "help" for help.`<br>`test=#` | ||||
| Tags | No tags attached. | ||||

pgpool.conf

```
enable_pool_hba = on
```

Have you checked the FAQ? http://pgpool.net/mediawiki/index.php/FAQ#I_created_pool_hba.conf_and_pool_passwd_to_enable_md5_authentication_through_pgpool-II_but_it_does_not_work._Why.3F

I've seen this table and I guess the first row is my case.

| pg_hba.conf | pool_hba.conf | pool_passwd | result |
|---|---|---|---|
| md5 | md5 | yes | md5 auth |

This is my pg_hba.conf on both master and slave.

```
host repmgr repmgr 192.168.10.176/32 trust
host replication repmgr 192.168.10.176/32 trust
host repmgr repmgr 192.168.10.175/32 trust
host replication repmgr 192.168.10.175/32 trust
host all pgpool 192.168.10.176/32 trust
host all pgpool 192.168.10.175/32 trust
host all all 192.168.10.175/32 trust
host all all 192.168.10.176/32 trust
host all all 0.0.0.0/0 md5
```

In your configuration all connections from 192.168.10.175 or 192.168.10.176 are accepted by PostgreSQL without authentication. You did not tell me what is the IP of the host which Pgpool-II is running on, but if it's 192.168.10.175 or 192.168.10.176, then that exactly explains what's going on with you.

I'm really sorry, you are completely correct. I forgot that the PostgreSQL server gets the connection from the pgpool IP and doesn't know what IP the external client has. I want to have trusted connections between master and slave servers, but pgpool runs on the same servers (on each server with a watchdog). Does this mean that I can't have a trusted connection by IP when I also use md5 authentication for other connections?

> Does this mean that I can't have a trusted connection by IP when I also use md5 authentication for other connections?

No, you can't.

Issue closed.

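
The diagnosis in this thread can be checked mechanically. The following is an added example (not part of the original issue and not Pgpool-II code) that applies PostgreSQL's first-match rule to the pg_hba.conf posted above and reports which method the backend uses for a connection arriving from a given source address. The pgpool host addresses are an assumption based on the reporter's statement that pgpool runs on the database servers, and only `host*` rules with CIDR addresses are handled.

```python
import ipaddress

# The reporter's pg_hba.conf from this issue (identical on master and slave).
PG_HBA = """\
host repmgr      repmgr 192.168.10.176/32 trust
host replication repmgr 192.168.10.176/32 trust
host repmgr      repmgr 192.168.10.175/32 trust
host replication repmgr 192.168.10.175/32 trust
host all         pgpool 192.168.10.176/32 trust
host all         pgpool 192.168.10.175/32 trust
host all         all    192.168.10.175/32 trust
host all         all    192.168.10.176/32 trust
host all         all    0.0.0.0/0         md5
"""

def parse_hba(text):
    """Yield (type, databases, users, network, method) for CIDR host rules."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0].startswith("host"):
            conn, dbs, users, cidr, method = fields[:5]
            yield (conn, dbs.split(","), users.split(","),
                   ipaddress.ip_network(cidr, strict=False), method)

def backend_method(hba_text, source_ip, database, user):
    """Return the method of the first rule matching an ordinary connection."""
    addr = ipaddress.ip_address(source_ip)
    for _conn, dbs, users, net, method in parse_hba(hba_text):
        # The keyword "replication" only matches replication connections.
        db_ok = "all" in dbs or (database in dbs and database != "replication")
        user_ok = "all" in users or user in users
        if db_ok and user_ok and addr.version == net.version and addr in net:
            return method
    return None  # no rule matched: PostgreSQL rejects the connection

def trust_exposure(hba_text, pgpool_ips, database, user):
    """List pgpool source addresses the backend accepts without a password."""
    return [ip for ip in pgpool_ips
            if backend_method(hba_text, ip, database, user) == "trust"]

if __name__ == "__main__":
    pgpool_hosts = ["192.168.10.175", "192.168.10.176"]  # assumed pgpool hosts
    print(trust_exposure(PG_HBA, pgpool_hosts, "test", "foo"))
    print(backend_method(PG_HBA, "203.0.113.5", "test", "foo"))  # direct client
```

Every client that connects through Pgpool-II reaches PostgreSQL from the pgpool host's address, so a non-empty result from `trust_exposure` means the backend never asks those sessions for a password.
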
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2016-11-17 00:36 | atan | New Issue | |
| 2016-11-17 00:52 | atan | Note Added: 0001171 | |
| 2016-11-17 09:06 | t-ishii | Note Added: 0001172 | |
| 2016-11-18 22:14 | atan | Note Added: 0001173 | |
| 2016-11-19 10:17 | t-ishii | Note Added: 0001174 | |
| 2016-11-21 22:03 | atan | Note Added: 0001180 | |
| 2016-12-06 07:56 | t-ishii | Note Added: 0001201 | |
| 2016-12-06 07:57 | t-ishii | Note Added: 0001202 | |
| 2016-12-06 07:58 | t-ishii | Assigned To | => t-ishii |
| 2016-12-06 07:58 | t-ishii | Status | new => closed |