[Pgpool-general] Authentication in replication mode

Tatsuo Ishii ishii at sraoss.co.jp
Sun Mar 29 09:30:46 UTC 2009


> I had (to the extent I'd thought about it) assumed pgpool would accept
> an authentication from its client and make a separate authenticated
> connection to each backend, but I don't see how to configure it to do
> that.

That's impossible. In md5 auth, the backend sends a randomly generated "seed"
to the client and the client sends back the encrypted password to the backend
using the seed. So the client cannot send an encrypted password which can
be accepted by *both* backends.

> Does pgpool support a more secure form of authentication?  Is there a
> more secure configuration to allow use of these "insecure" protocols
> within a narrow enough scope that these vulnerabilities are protected?

You could use an SSH tunnel.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
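
The md5 exchange described in the reply above, as an added example that is not part of the original post or of pgpool's code: it computes PostgreSQL's md5 response for two backends that issue different seeds and shows that a response valid for one is rejected by the other. The user name, password, seed values and function names are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_hash(user: str, password: str) -> str:
    # Value the backend keeps for md5 auth (minus the "md5" prefix):
    # md5(password || username)
    return md5_hex(password.encode() + user.encode())


def client_response(user: str, password: str, seed: bytes) -> str:
    # What the client sends back: "md5" || md5(stored_hash || seed)
    return "md5" + md5_hex(stored_hash(user, password).encode() + seed)


def backend_accepts(stored: str, seed: bytes, response: str) -> bool:
    # Backend recomputes the response from its stored hash and its own seed.
    expected = "md5" + md5_hex(stored.encode() + seed)
    return hmac.compare_digest(expected, response)


def relay_demo() -> dict:
    user, password = "app", "s3cret"          # constructed credentials
    stored = stored_hash(user, password)       # identical on both backends
    seed_a = bytes.fromhex("01020304")         # constructed 4-byte seed, backend A
    seed_b = bytes.fromhex("a1b2c3d4")         # constructed 4-byte seed, backend B

    # The client answers the single seed it was shown (backend A's).
    resp_for_a = client_response(user, password, seed_a)
    return {
        "a_accepts": backend_accepts(stored, seed_a, resp_for_a),
        # Forwarding the same response to backend B fails: different seed.
        "b_accepts_forwarded": backend_accepts(stored, seed_b, resp_for_a),
        # Backend B only accepts a response computed over its own seed.
        "b_accepts_own": backend_accepts(
            stored, seed_b, client_response(user, password, seed_b)
        ),
    }


if __name__ == "__main__":
    for check, result in relay_demo().items():
        print(f"{check}: {result}")
```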

