[Pgpool-hackers] Reload does not help if password file changed

Gurjeet Singh singh.gurjeet at gmail.com
Tue Sep 27 02:18:02 UTC 2011 

Hi Tatsuo,

    Please find an updated patch. I am now using strcmp() to check if we
need to reopne the file, just like the code in main.c, instead of comparing
the value with NULL.

Regards,

On Mon, Sep 26, 2011 at 9:57 PM, Tatsuo Ishii <ishii at sraoss.co.jp> wrote:

> Thanks for report and patches. I will take care of this.
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese: http://www.sraoss.co.jp
>
> > Hi,
> >
> >     Maybe this is expected behaviour, but it definitely is not desirable.
> If
> > we add a new user:passwrod to the contents of pool_passwd file and send a
> > reload signal to pgpool, the child processes are still not able to honor
> the
> > new user and the trying to login using the new user causes error "MD5
> > authentication failed..."
> >
> >     I have diagnosed it back to the fact that pgpool uses stdio.h
> interface
> > (FILE *) to access the pool_passwd file, and it reads the contents of the
> > file for every new login that requests MD5 authentication. The problem
> with
> > the stdio.h interface is that it caches the contents of the file and it
> does
> > not refresh the cache even when the contents of the file change on-disk,
> so
> > every time pgpool tries to read new user's password it does not see the
> new
> > entry and hence fails.
> >
> >     To be able to connect as the new user we have to either restart
> pgpool
> > or wait for a new child to be forked which will see the new contents of
> the
> > file. All of these problems also apply to the case where we might alter
> the
> > password of an existing user and update the md5 password in pool_passwd
> > file.
> >
> >     I have attached a minimal patch to address this issue. In the patch,
> we
> > save the file path that was initially used to open the pool_passwd and
> upon
> > every reload the child closes and reopens the file so that the stdio.h
> > interface does not show it cached data.
> >
> > Regards,
> > --
> > Gurjeet Singh
> > EnterpriseDB Corporation
> > The Enterprise PostgreSQL Company
>



-- 
Gurjeet Singh
EnterpriseDB Corporation
The Enterprise PostgreSQL Company
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pgfoundry.org/pipermail/pgpool-hackers/attachments/20110926/ec4c00a0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgpool_passwd_reload-1.patch
Type: text/x-diff
Size: 1604 bytes
Desc: not available
URL: <http://pgfoundry.org/pipermail/pgpool-hackers/attachments/20110926/ec4c00a0/attachment.bin>

More information about the Pgpool-hackers mailing list