View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000602 | Pgpool-II | Bug | public | 2020-04-02 03:06 | 2020-04-20 09:30 |
| Reporter | awiller | Assigned To | pengbo | ||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | open | ||
| Product Version | 4.1.0 | ||||
| Summary | 0000602: sr_health_check authentication fails with any other password type than cleartext password | ||||
| Description | sr_health_check authentication fails with any other password type than cleartext password (tested in pgpool.conf). The documentation for Version 4.1.1 states that also hashed or encrypted passwords should work, but that is not the case: https://www.pgpool.net/docs/latest/en/html/runtime-streaming-replication-check.html Please find the log below: Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: ERROR: Failed to check replication time lag Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DETAIL: No persistent db connection for the node 0 Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: HINT: check sr_check_user and sr_check_password Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: CONTEXT: while checking replication time lag Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_flush_it: flush size: 41 Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_read: read 13 bytes from backend 0 Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: authenticate kind = 5 Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_write: to backend: 0 kind:p Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_flush_it: flush size: 41 Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DEBUG: pool_read: read 123 bytes from backend 0 Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: ERROR: authentication failed Apr 01 20:01:34 dbtest-1 pgpool[21090]: 2020-04-01 20:01:34: pid 21176: DETAIL: Passwort-Authentifizierung für Benutzer »postgres« fehlgeschlagen | ||||
| Additional Information | Related to: https://www.pgpool.net/mantisbt/view.php?id=464 | ||||
| Tags | No tags attached. | ||||
|
|
I tested this with md5 and plaintext password type both directly in pgpool.conf and in pool_passwd file. Only text passwords work in both places, md5 passwords don't work anywhere. |
|
|
How did you set "sr_check_user", "sr_check_password" and pool_passwd? Could you share your pgpool.conf and pool_passwd ? |
|
|
I have found the issue. During testing, I used some users with identical username and password, but not for the postgres user used for streaming replication check. I generated the md5 hashes using an external tool, not pg_md5. I concatenated username and password, which, as I now found out from looking at the source code, is the wrong way around. This wasn't obvious since I apparently only tested login with the users with same user name and password, where the swap was without consequences. Now, I also found that the right way is documented at the end of this page, I must have rembered wrong: https://www.pgpool.net/docs/latest/en/html/pg-md5.html Thank you for your help! |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-04-02 03:06 | awiller | New Issue | |
| 2020-04-02 03:11 | awiller | Note Added: 0003295 | |
| 2020-04-02 16:57 | pengbo | Assigned To | => pengbo |
| 2020-04-02 16:57 | pengbo | Status | new => assigned |
| 2020-04-06 09:28 | pengbo | Note Added: 0003302 | |
| 2020-04-07 09:48 | pengbo | Status | assigned => feedback |
| 2020-04-14 19:17 | awiller | Note Added: 0003325 | |
| 2020-04-14 19:17 | awiller | Status | feedback => assigned |
| 2020-04-20 09:30 | pengbo | Status | assigned => resolved |
