[Pgpool-general] Pgpool-II and Slony-I
Tatsuo Ishii
ishii at sraoss.co.jp
Thu Aug 28 13:10:34 UTC 2008
> > Supporting md5 auth with pgpool is fundamentally impossible.
> >
> > 1) PostgreSQL send 32bit encryption salt to pgpool
> >
> > 2) pgpool forwards it to client
> >
> > 3) client encrypt password using the salt
> >
> > 4) pgpool forward the encrypted password to PostgreSQL
> >
> > Problem is, the salt in #1 is a random number and are
> > differ among
> > PostgreSQL servers. Using different salt produces different
> > encrypted
> > password in #3. Of course if you have only 1 PostgreSQL
> > server, then
> > you don't have the problem of course. But with only 1
> > PostgreSQL you
> > cannot make master/slave or replication system:-)
>
> Thanks for that, I understand why it could never work now.
You are welcome. I hope someone someday comes up and tell me I am wrong:-)
> Is it only the pgpool IP I have to set to trust, or do I have to open things up and trust every client?
Only pgpool IP.
You can use "password" auth as well by the way.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
More information about the Pgpool-general
mailing list