[Pgpool-general] authentication problems
Daniel Codina
dcodina at laigu.net
Tue Apr 13 14:38:20 UTC 2010
I've already found what the problem was... it was "my" fault,. not
pgpool's...
I was overwriteing the recovery password in my installation,... so, it was
not able to connect because of that.
pcp_recovery_node command was not informing me about that, so I had to
modify the code just to see wich passwor was it sending,... Maybe would be
good if pcp_recovery_node command would tell something else.
Anyway,... thanks again!
2010/4/13 Christophe Philemotte <christophe.philemotte at apreco.be>
> > In my configuration I have enabled the "enable_pool_hba" option, and, in
> > "pool_hba.conf" I have all the IP in trusted authentication mode (it just
> > can be trust, reject or PAM).
> > In my "pg_hba.conf" file, I have those same IPs but, this time, in
> > "password" authernticacion mode.
>
> I think you mix pool_hba and pg_hba fields meaning.
>
> The pool_hba allows you to setup authentication between the client and
> pgpool. And the pg_hba allows you to setup authentication between the
> client and the postgresql, but this time the client could be pgpool.
>
> So, in pg_hba.conf, you have to put IP of your pgpool, not your client
> (except if you want clients could directly connect to your backend).
>
> > That works perfectry in replication, so, connection is perfectrly
> possible.
> It depends on your whole setup. Could you send the files to check them?
>
> > In my pcp.conf I have an md5 password configured.
> >
> > If a node falls and I try:
> > pcp_recovery_node -d 5 pgpool_host port user password 1
> In recovery process, the last step is to remotely start the
> resynchronized backend. Are you sure that the start command is well
> send to it? Is your ssh keys sharing is well setup?
>
> Have you log the actions made by your recovery scripts? It is a good
> information source to debug what exactly happens.
>
> > It drops the message I told...
> > As I understand, the password in the recovery command must be the one
> MD5ed
> > in pcp.conf, isn't it?
> yes, it is.
>
> > which can be or can't be the same in PostgreSQL database?
> It is a password to access to the administration control interface of
> pgpool. So, it could be whatever you want and setup in pcp.conf.
>
> > or, the password in pcp.conf MUST be the MD5ed PostgreSQL
> > password?
> No, there is no obligation.
>
> regards,
>
> christophe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pgfoundry.org/pipermail/pgpool-general/attachments/20100413/a80fd385/attachment.html>
More information about the Pgpool-general
mailing list