[Pgpool-general] authentication problems
Christophe Philemotte
christophe.philemotte at apreco.be
Tue Apr 13 08:58:21 UTC 2010
> In my configuration I have enabled the "enable_pool_hba" option, and, in
> "pool_hba.conf" I have all the IP in trusted authentication mode (it just
> can be trust, reject or PAM).
> In my "pg_hba.conf" file, I have those same IPs but, this time, in
> "password" authernticacion mode.
I think you mix pool_hba and pg_hba fields meaning.
The pool_hba allows you to setup authentication between the client and
pgpool. And the pg_hba allows you to setup authentication between the
client and the postgresql, but this time the client could be pgpool.
So, in pg_hba.conf, you have to put IP of your pgpool, not your client
(except if you want clients could directly connect to your backend).
> That works perfectry in replication, so, connection is perfectrly possible.
It depends on your whole setup. Could you send the files to check them?
> In my pcp.conf I have an md5 password configured.
>
> If a node falls and I try:
> pcp_recovery_node -d 5 pgpool_host port user password 1
In recovery process, the last step is to remotely start the
resynchronized backend. Are you sure that the start command is well
send to it? Is your ssh keys sharing is well setup?
Have you log the actions made by your recovery scripts? It is a good
information source to debug what exactly happens.
> It drops the message I told...
> As I understand, the password in the recovery command must be the one MD5ed
> in pcp.conf, isn't it?
yes, it is.
> which can be or can't be the same in PostgreSQL database?
It is a password to access to the administration control interface of
pgpool. So, it could be whatever you want and setup in pcp.conf.
> or, the password in pcp.conf MUST be the MD5ed PostgreSQL
> password?
No, there is no obligation.
regards,
christophe
More information about the Pgpool-general
mailing list