[Pgpool-general] Authentication when using streaming replication
Andreas H.
lists at hilboll.de
Wed Nov 23 19:36:50 UTC 2011
Hi,
I have trouble setting up pgpool2-3.0.2 (from Debian Squeeze backports)
with two PostgreSQL 9.1 servers in streaming replication mode. When I
set the {pool,pg}_hba.conf settings to ``trust``, everything seems to go
smoothly. However, in my production environment, I don't want just
anyone do anything to my database server; at least the password auth
should be enforced, and passwords should be protected from spying eyes.
My pgpool2 instance is running on a seperate server. From what I see, I
cannot use md5 in Postgres' hba with streaming replication. So I could
use SSL for the connection between pgpool and Postgres, I guess,
allowing ``password`` access to Postgres over SSL. But how do I then set
up access in pgpool's hba? For security reasons, I want the Postgres hba
to only allow connections from the pgpool box.
Sorry, if this is a bit confuse. Short version:
How do I set up Postgres' and pgpool's hba files to
* allow access to Postgres from pgpool only
* enforce password use
* not transmit passwords unencrypted
Another question, maybe related: What is the purpose of the pool_passwd
file? I cannot find anything in the docs, but my pgpool complains about
it missing upon startup ...
Thanks for your insight!
Andreas.
More information about the Pgpool-general
mailing list