View Issue Details

IDProjectCategoryView StatusLast Update
0000602Pgpool-IIBugpublic2020-04-20 09:30
ReporterawillerAssigned Topengbo 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionopen 
Product Version4.1.0 
Target VersionFixed in Version 
Summary0000602: sr_health_check authentication fails with any other password type than cleartext password
Descriptionsr_health_check authentication fails with any other password type than cleartext password (tested in pgpool.conf).

The documentation for Version 4.1.1 states that also hashed or encrypted passwords should work, but that is not the case: https://www.pgpool.net/docs/latest/en/html/runtime-streaming-replication-check.html

Please find the log below:
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: ERROR: Failed to check replication time lag
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DETAIL: No persistent db connection for the node 0
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: HINT: check sr_check_user and sr_check_password
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: CONTEXT: while checking replication time lag
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_flush_it: flush size: 41
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_read: read 13 bytes from backend 0
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: authenticate kind = 5
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_write: to backend: 0 kind:p
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_flush_it: flush size: 41
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_read: read 123 bytes from backend 0
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: ERROR: authentication failed
Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DETAIL: Passwort-Authentifizierung für Benutzer »postgres« fehlgeschlagen
Additional InformationRelated to: https://www.pgpool.net/mantisbt/view.php?id=464
TagsNo tags attached.

Activities

awiller

2020-04-02 03:11

reporter   ~0003295

I tested this with md5 and plaintext password type both directly in pgpool.conf and in pool_passwd file. Only text passwords work in both places, md5 passwords don't work anywhere.

pengbo

2020-04-06 09:28

developer   ~0003302

How did you set "sr_check_user", "sr_check_password" and pool_passwd?
Could you share your pgpool.conf and pool_passwd ?

awiller

2020-04-14 19:17

reporter   ~0003325

I have found the issue.

During testing, I used some users with identical username and password, but not for the postgres user used for streaming replication check.
I generated the md5 hashes using an external tool, not pg_md5. I concatenated username and password, which, as I now found out from looking at the source code, is the wrong way around.

This wasn't obvious since I apparently only tested login with the users with same user name and password, where the swap was without consequences.

Now, I also found that the right way is documented at the end of this page, I must have rembered wrong: https://www.pgpool.net/docs/latest/en/html/pg-md5.html

Thank you for your help!

Issue History

Date Modified Username Field Change
2020-04-02 03:06 awiller New Issue
2020-04-02 03:11 awiller Note Added: 0003295
2020-04-02 16:57 pengbo Assigned To => pengbo
2020-04-02 16:57 pengbo Status new => assigned
2020-04-06 09:28 pengbo Note Added: 0003302
2020-04-07 09:48 pengbo Status assigned => feedback
2020-04-14 19:17 awiller Note Added: 0003325
2020-04-14 19:17 awiller Status feedback => assigned
2020-04-20 09:30 pengbo Status assigned => resolved