[Pgpool-general] pgpool-II 3.0.3 md5 authentication

E.D. e065c8515d206cb0e190 at gmail.com
Wed May 11 16:22:22 UTC 2011 

On Tue, Apr 26, 2011 at 1:22 PM, E.D. <e065c8515d206cb0e190 at gmail.com>wrote:

> On Mon, Apr 25, 2011 at 6:42 PM, Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
>
>> > Hi everyone,
>> >
>> > I'm running pgpool2 on a Debian server, with two backends (one 8.4 and
>> one
>> > 9.0). From the pgpool2 box I can psql to the two backends just fine.
>> >
>> > # dpkg --list | grep pgpool2
>> > ii  pgpool2                                3.0.3-2
>> > connection pool server and replication proxy for PostgreSQL
>> >
>> > My pgool2 is set to raw mode (soon to be replication), uses pool_hba and
>> > pool_passwd.
>> > Apr 25 12:48:16 server pgpool: 2011-04-25 12:48:16 DEBUG: pid 23781: I
>> am
>> > 23781
>> > Apr 25 12:48:21 server pgpool: 2011-04-25 12:48:21 DEBUG: pid 23779: I
>> am
>> > 23779 accept fd 5
>> > Apr 25 12:48:21 server pgpool: 2011-04-25 12:48:21 DEBUG: pid 23779:
>> > Protocol Major: 3 Minor: 0 database: testuser user: testuser
>> > Apr 25 12:48:21 server pgpool: 2011-04-25 12:48:21 ERROR: pid 23779:
>> > pool_get_passwd: passwd_fd is NULL
>> > Apr 25 12:48:21 server pgpool: 2011-04-25 12:48:21 ERROR: pid 23779:
>> "MD5"
>> > authentication with pgpool failed for user "testuser"
>> > Apr 25 12:48:21 server pgpool: 2011-04-25 12:48:21 DEBUG: pid 23735:
>> > reap_handler called
>> > Apr 25 12:48:21 server pgpool: 2011-04-25 12:48:21 DEBUG: pid 23735:
>> > reap_handler: call wait3
>> > Apr 25 12:48:21 server pgpool: 2011-04-25 12:48:21 DEBUG: pid 23735:
>> child
>> > 23779 exits with status 512
>> >
>> > I understand that the pool_passwd can't be found (from "pool_get_passwd:
>> > passwd_fd is NULL") but fail to see where to configure the location in
>> any
>> > of the config files. By default the pg_md5 utility created it under
>> > /etc/pgpool2/pool_passwd.
>> >
>> > Would anyone know what's wrong in my setup?
>>
>> pool_passwd is located under same directory as pgpool.conf.
>>
>> Raw mode does not require pool_passwd for md5 auth, BTW. Are you sure
>> that you are in raw mode?
>>
>>
> Yes. Actually I think it comes from the fact that I do the following:
>
> user1$ psql -U user2 mydb
>
> user2 is the one in pg_hba on the backend sides, but putting either user1
> or user2 in pool_passwd gives an error, however:
>
> user2$ psql mydb
>
> works fine. Is psql -U maybe not supported in that kind of setup?
>
>
>
It seems that whether in raw mode or in replication mode, pgpool2 doesn't
recognize "trust" authentication.
I managed to get raw to work (without pool_passwd or pool_hba, some conf
might have been wrong on my side) but I get prompted for a password even
though I'm in "trust" mode. Connecting to the backend doesn't prompt me for
a password.
Now in replication mode I encounter the same issue, except that this time it
won't let me connect (since md5 is not supported... but I'm not using md5):

$ psql -p 5434 -U user1 db1
psql: ERROR:  MD5 authentication is unsupported in replication, master-slave
and parallel modes.
HINT:  check pg_hba.conf

I have no issue connecting to the backends with:
$ psql -p 543{5,6,7} -U user1 db1
And no password is asked.

So I have two questions:
- why does pgpool2 thinks I'm trying to use an md5 auth when my backends are
configured for "trust" (on that specific user/db combination)
- why does pgpool2 throw an error without even connecting to the backend (no
connection failed in the logs of postgresql), which I guess adds to my
previous question: "why is md5 assumed without even connecting to backend)?

Note that adding use of pgpool_hba with "local user1 db1 trust" doesn't
change anything.

Best,
ED
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pgfoundry.org/pipermail/pgpool-general/attachments/20110511/8f1b859a/attachment.html>

More information about the Pgpool-general mailing list