[Pgpool-general] Clear text authentication does not seem to work.

John Huong jahuong at yahoo.com
Sun Apr 17 03:19:37 GMT 2005 

Dear Tatsuo,
   I've fixed the problem. I reexamined the
pg_hba.conf of my servers and I found something that
caused the problem.
Let's say I have server A and B

Server A and B has identical pg_hba.conf except for
one line:


Server A pg_hba.conf - A must trust all connections
from B
Server B pg_hba.conf - B must trust all connections
from A

However on top of that I have the directive that all
localhost connections must be authenticated.

So I can only guess that when I connect to pgpool on A
from A, the authentication succeeds for A, but B
automatically allows pgpool from A to connect thus
giving totally different replies and confusing pgpool.

I can only come to this conclusion when I remove all
trust directives from the pg_hba.conf file on both
server.


--- Tatsuo Ishii <t-ishii at sra.co.jp> wrote:

> I couldn't reproduce your problem. My configuration
> is:
> 
> - both PostgreSQL servers are connected with UNIX
> domain socket
> - PostgreSQL 8.0.2 is used
> 
> These should not affect too much to reproduce the
> problem...
> Anyone has experienced similar problem?
> --
> Tatsuo Ishii
> 
> > Sorry, forgot to mention that connecting to the
> > servers directly works perfectly. Both are running
> on
> > 7.4.5.
> > 
> > --- Tatsuo Ishii <t-ishii at sra.co.jp> wrote:
> > 
> > > psql -d template1 -U john12
> > > and
> > > psql -d template1 -U john12 -h cimserv-test
> > > 
> > > are working properly?
> > > 
> > > I want to make sure that the clear text
> > > authentication is working with
> > > your configuration first of all.
> > > --
> > > Tatsuo Ishii
> > > 
> > > > I've looked through a lot of other PostgreSQL
> > > > replication and failover solutions but am
> quite
> > > > intrigued by pgpool due to its simplicity.
> > > > 
> > > > I've manage to compile it properly, but no
> matter
> > > what
> > > > I do I can't seem to get it to work with clear
> > > text
> > > > authentication.
> > > > Here's what I got from the syslog.
> > > > 
> > > > pgpool: 2005-04-15 15:04:22 DEBUG: pid 8744: I
> am
> > > 8744
> > > > accept fd 6
> > > > pgpool: 2005-04-15 15:04:22 DEBUG: pid 8744:
> > > Protocol
> > > > Major: 3 Minor: 0 database: template1 user:
> john12
> > > > pgpool: 2005-04-15 15:04:22 DEBUG: pid 8744:
> > > > read_message_length: lenghth: 8
> > > > pgpool: 2005-04-15 15:04:22 DEBUG: pid 8744:
> > > trying
> > > > clear text password authentication
> > > > pgpool: 2005-04-15 15:04:22 DEBUG: pid 8744:
> > > > do_clear_text_password: backend does not
> return R
> > > > while processing clear text password
> > > authentication
> > > > pgpool: 2005-04-15 15:04:22 ERROR: pid 8744:
> > > > pool_do_auth: backend does not return
> > > authenticaton ok
> > > > 
> > > > 
> > > > All I tried to do was just to type psql -d
> > > template1
> > > > -p 9999 -U john12 (password prompt
> automatically
> > > > appears)
> > > > 
> > > > my pgpool.conf is as follows:
> > > > 
> > > > #
> > > > # pgpool configuration file sample
> > > > # $Header:
> > > /cvsroot/pgpool/pgpool/pgpool.conf.sample,v
> > > > 1.1.1.1 2005/02/14 14:52:21 t-ishii Exp $
> > > > 
> > > > # host name or IP address to listen on: '*'
> for
> > > all,
> > > > '' for no TCP/IP connections
> > > > listen_addresses = 'cimserv-test2'
> > > > 
> > > > # port number for pgpool
> > > > port = 9999
> > > > 
> > > > # Unix domain socket path. Debian package
> default
> > > to
> > > > /var/run/postgresql!
> > > > socket_dir = '/tmp'
> > > > 
> > > > # host name where PostgreSQL server is running
> on.
> > > ''
> > > > means localhost using UNIX
> > > > # domain socket
> > > > backend_host_name = 'localhost'
> > > > 
> > > > # port number PostgreSQL server is running on.
> > > > backend_port = 5432
> > > > 
> > > > # Unix domain socket path for the backend.
> Debian
> > > > package default to /var/run/postgresql!
> > > > backend_socket_dir = '/tmp'
> > > > 
> > > > # host name where secondary PostgreSQL server
> is
> > > > running on. '' means localhost using UNIX
> > > > # domain socket
> > > > secondary_backend_host_name = 'cimserv-test'
> > > > 
> > > > # port number secondary PostgreSQL server is
> > > running
> > > > on.
> > > > # 0 means no secondrary PostgreSQL
> > > > secondary_backend_port = 5432
> > > > 
> > > > # number of pre-forked child process
> > > > num_init_children = 32
> > > > 
> > > > # numer of connection pool allowed for a child
> > > > process.
> > > > max_pool = 4
> > > > 
> > > > # if idle for this seconds, child exits. 0
> means
> > > no
> > > > timeout.
> > > > child_life_time = 300
> > > > 
> > > > # if idle for this seconds, connection to
> > > PostgreSQL
> > > > closes. 0 means
> > > > # no timeout
> > > > connection_life_time = 28800
> > > > 
> > > > # logging directory
> > > > logdir = '/tmp'
> > > > 
> > > > # replication mode
> > > > replication_mode = true
> > > > 
> > > > # set this to true if you want to avoid
> deadlock
> > > > situation when
> > > > # replication enabled.
> > > > # there will be noticable performance
> degration,
> > > > however.
> > > > # a work around is set this to false and
> insert
> > > > /*STRICT*/ comment
> > > > # at the beginning of the SQL command.
> > > > replication_strict = true
> > > > 
> > > > # when replication_strict is set to false,
> there
> > > will
> > > > be a chance for
> > > > # deadlocks. set this to non 0 (in milli
> seconds)
> > > to
> > > > detect this
> > > > # situation and resolve the deadlock aborting
> > > current
> > > > session.
> > > > replication_timeout = 5000
> > > > 
> > > > # load balancing mode. i.e. all SELECT except
> in a
> > > > transaction block
> > > > # are load balanced. This is ignored if
> > > > replication_mode is false.
> > > > load_balance_mode = true
> > > > 
> > > > # load balance weight for master and
> secondary.
> > > actual
> > > > weight is
> > > > # calculated by
> weight_master:weight_secondary.
> > > For
> > > > example both
> > > > #
> > > > # weight_master = 10 and weight_secondary = 5
> > > > # weight_master = 4 and weight_secondary = 2
> > > > #
> > > > # are regarded as master has double the weight
> > > > comparing with secondary.
> > > > # master and secondary have same weight in the
> > > > default.
> > > > weight_master = 0.5
> > > > weight_secondary = 0.5
> > > > 
> 
=== message truncated ===

More information about the Pgpool-general mailing list