[pgpool-general: 1934] Re: PCP client authentication question

Tatsuo Ishii ishii at postgresql.org
Thu Jul 25 09:13:26 JST 2013


> I'm setting up a pgpool-2 cluster with auto failover, failback and
> follow master commands and such.
> All is working fine, but I have a question about the pcp
> authentication.
> 
> User and password hash are defined in pcp.conf, which is good.
> However, when using a "follow_master_command", I want to script a
> pcp_recovery_node command, which makes me put that user and password
> in clear text in a script or in some kind of settings file which I
> then have to source from that script.

The only workaround I can think of now is, giving read permission of
the follow master script to only PostgreSQL super user.

> Is there some way of granting access to a "local only" user of passing
> the password encrypted to the pcp_* commands?

Currently no. I will add this (or any better way to mitigate the
security risk) to our TODO. This should not be terribly hard to
implement, I guess.

http://www.pgpool.net/mediawiki/index.php/TODO
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
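
The workaround in this reply (making the script readable only by the PostgreSQL superuser) can also be checked by the script itself before it reads the PCP credentials. The following is an added example, not part of the original message or of pgpool-II; the function names, the settings-file layout and the `PCP_USER`/`PCP_PASSWORD` variable names are assumptions.

```shell
#!/bin/sh
# Added example: all names below are hypothetical, not pgpool-II's own.

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# calling user, with no permission bits set for group or others.
is_private_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # "ls -ldn" prints: <mode> <links> <numeric uid> <numeric gid> ...
    info=$(ls -ldn -- "$f") || return 1
    read -r mode links uid rest <<EOF
$info
EOF
    [ "$uid" = "$(id -u)" ] || return 1
    # Mode string: 1 type char, 3 owner chars, then 6 group/other chars.
    case $mode in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Source the settings file only when it passes the check above.
load_pcp_credentials() {
    if ! is_private_file "$1"; then
        echo "refusing to read $1: must be owner-only (e.g. chmod 600)" >&2
        return 1
    fi
    . "$1"
}

# Constructed demo: a throwaway settings file with made-up values.
demo=$(mktemp)
printf 'PCP_USER=pcpadmin\nPCP_PASSWORD=example-only\n' > "$demo"
chmod 600 "$demo"
load_pcp_credentials "$demo" && echo "loaded credentials for $PCP_USER"
chmod 644 "$demo"
load_pcp_credentials "$demo" 2>/dev/null || echo "rejected after chmod 644"
rm -f "$demo"
```

A follow_master_command script run as the PostgreSQL superuser would call `load_pcp_credentials` on its settings file and abort if it returns non-zero.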

