[Pgpool-general] md5 auth + SSL ??
pgcluster at bluewin.ch
pgcluster at bluewin.ch
Thu Feb 3 09:52:35 UTC 2011
Hi all,
Have pgpool-II 3.0.1 in replication mode up and running, accessing two instances of pg 9.0.1 on the same
machine.
So far so good, all looks fine and I’m almost happy except I'm unable to achieve authentication the way I want
to :-(
What I want:
- all connections from the same machine should be trusted.
- all connections from different hosts
should only be possible via SSL
What I did:
-> pgpool.conf (beside all other entries for replication, ports etc.
-
ssl = true, ssl_key + ssl_cert point to the correct ssl files
- enable_pool_hba = true
- pool_password build
with pg_md5 --md5aut
pool_hba.conf
===========
local all postgres trust
hostssl all
all 0.0.0.0/0 md5
pg_hba.conf
=========
# TYPE DATABASE USER CIDR-ADDRESS
METHOD
local all postgres trust
hostssl
all postgres 127.0.0.1/0 md5
Result:
- connecting locally: -> md5 authentication is
unsupported in replication,
- connecting from different hosts: -> able to connect with AND WITHOUT ??? SSL by supplying
the password
Then I changed pg_hba.conf the following:
pg_hba.conf
=========
# TYPE DATABASE USER
CIDR-ADDRESS METHOD
local all postgres trust
host all postgres 127.0.0.1/0 trust
hostssl all
postgres 127.0.0.1/0 md5
Result:
- connection local: -> ok, connect without pw (trust) possible
-
connecting from different host: -> able to connect with AND WITHOUT SSL ??? and with and WITHOUT supplying a password
??? :-(
Question:
- is it possible to configure what I want ?
- How ?
Any help is highly appreciated.
TIA
acki4711
More information about the Pgpool-general
mailing list