[pgpool-general: 943] Re: Issue w/ md5 auth in master/slave mode
Tatsuo Ishii
ishii at postgresql.org
Sat Sep 1 08:59:41 JST 2012
> Ah-hah! Thanks a ton - I wasn't seeing that, and I found out why...
>
> enable_pool_hba was set to off.
>
> I didn't realize there was a setting for that because I basically followed the steps here: http://www.pgpool.net/docs/latest/pgpool-en.html#md5
Good catch. I'll fix the docs. Thanks for pointing it out!
> Thanks! It's working like a champ now.
You are welcome:-)
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
> On Aug 30, 2012, at 6:56 PM, Tatsuo Ishii <ishii at postgresql.org> wrote:
>
>> It is likely you have problem with pool_hba.conf.
>>
>> Have you seen this kind of message in your log file right after pgpool
>> starting up?
>>
>> 2012-08-31 10:48:27 DEBUG: pid 5274: loading "/home/t-ishii/work/git.postgresql.org/test/etc/pool_hba.conf" for client authentication configuration file
>>
>> If yes, I would like to see whole pool_hba.conf.
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese: http://www.sraoss.co.jp
>>
>>> Yes - I just did a diff of the two files and they are exactly the same.
>>>
>>> I made sure (just now) to restart both postgres servers just in case.
>>>
>>> Here's the output I'm getting from pgpool in debug mode when I try to make the connection (with sslmode=allow):
>>>
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: I am 21890 accept fd 6
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: read_startup_packet: application_name: psql
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: Protocol Major: 3 Minor: 0 database: mike user: mike
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: new_connection: connecting 0 backend
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: new_connection: connecting 1 backend
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_ssl: sending client->server SSL request
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_ssl: client->server SSL response: S
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_ssl: sending client->server SSL request
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_ssl: client->server SSL response: S
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_read_message_length: slot: 0 length: 12
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_read_message_length: slot: 1 length: 12
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_do_auth: auth kind:5
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: I am 21890 accept fd 6
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: Protocol Major: 1234 Minor: 5679 database: user:
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: SSLRequest from client
>>> 2012-08-31 01:34:54 ERROR: pid 21890: pool_ssl: Loading SSL certificate: No such file or directory
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: read_startup_packet: application_name: psql
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: Protocol Major: 3 Minor: 0 database: mike user: mike
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: new_connection: connecting 0 backend
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: new_connection: connecting 1 backend
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_ssl: sending client->server SSL request
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_ssl: client->server SSL response: S
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_ssl: sending client->server SSL request
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_ssl: client->server SSL response: S
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_read_message_length: slot: 0 length: 12
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_read_message_length: slot: 1 length: 12
>>> 2012-08-31 01:34:54 DEBUG: pid 21890: pool_do_auth: auth kind:5
>>>
>>>
>>> And then psql's output:
>>>
>>> ubuntu at app1:~$ psql "host=localhost port=9999 user=mike sslmode=allow"
>>> psql: ERROR: MD5 authentication is unsupported in replication, master-slave and parallel modes.
>>> HINT: check pg_hba.conf
>>> ERROR: MD5 authentication is unsupported in replication, master-slave and parallel modes.
>>> HINT: check pg_hba.conf
>>>
>>>
>>> Thanks again for your help!
>>>
>>> On Aug 30, 2012, at 5:56 PM, Lazáro Rubén García Martínez <lgarciam at vnz.uci.cu> wrote:
>>>
>>>> The pg_hba.conf in each postgresql server has the same configuration??
>>>>
>>>> Regards.
>>>>
>>>> From: pgpool-general-bounces at pgpool.net [pgpool-general-bounces at pgpool.net] On Behalf Of Michael Barrett [loki77 at gmail.com]
>>>> Sent: Thursday, August 30, 2012 7:00 PM
>>>> To: pgpool-general at pgpool.net
>>>> Subject: [pgpool-general: 936] Issue w/ md5 auth in master/slave mode
>>>>
>>>> Hi, I'm working on getting pgpool working in a master/slave setup using md5 authentication. Here's the versions of software I'm running:
>>>>
>>>> pgpool-II-3.2.0
>>>> postgresql-9.1.5
>>>>
>>>> I've setup a pool_passwd file using pg_md5 on the pgpool server for the user 'mike'. I've also setup the user 'mike' in the postgres database and updated pg_hba.conf to allow md5 connections from the pool host. As well I've setup pool_hba.conf with the following entry:
>>>>
>>>> host all all 127.0.0.1/32 md5
>>>>
>>>> Whenever I try to connect (via psql) I get the following error:
>>>>
>>>> psql: ERROR: MD5 authentication is unsupported in replication, master-slave and parallel modes.
>>>> HINT: check pg_hba.conf
>>>>
>>>> Any idea what might be going on there? I don't see it attempt to auth against the postgres server at all, and I'm not sure why pgpool is saying that md5 isn't allowed with master-slave mode when it sounds like it has been able to since 3.0.
>>>>
>>>> Thanks in advance!
>>>>
>>>> --
>>>> Michael Barrett
>>>>
>>>> Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU!
>>>> http://www.antiterroristas.cu
>>>> http://justiciaparaloscinco.wordpress.com
>>>>
>>>> Fin a la injusticia, LIBERTAD AHORA A NUESTROS CINCO COMPATRIOTAS QUE SE ENCUENTRAN INJUSTAMENTE EN PRISIONES DE LOS EEUU!
>>>> http://www.antiterroristas.cu
>>>> http://justiciaparaloscinco.wordpress.com
>>>
>>> --
>>> Michael Barrett
>>> loki77 at gmail.com
>>>
>>>
>>>
>>>
>
> --
> Michael Barrett
> loki77 at gmail.com
>
>
>
>
More information about the pgpool-general
mailing list