[pgpool-general: 1537] Re: [pgPool-II 3.2.3] MD5 authentication and username longer than 32 characters.
Thomas Martin
tmartincpp at gmail.com
Thu Mar 28 18:18:10 JST 2013
Hello.
> I think there's a problem with the user name length in pool_passwd.c:
>
> char name[32];
>
> Included is a patch trying to fix the problme. Can you please try it out?
>
> Instead of just changing above to 32, I create new define
> MAX_USER_NAME_LEN (=128) in md5.h since both md5.c and pool_passwd.c
> needs to agree with the user length limit.
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese: http://www.sraoss.co.jp
I tried your patch but since I'm getting a strange behaviour.
First with your patch pg_md5 is working correctly (there is no more
duplicated entries in pool_passwd).
But I'm not able to use users with 32 characters anymore (and I'm
still stuck with more than 32 characters).
Here is my configuration:
1) postgresql:
postgres=# SELECT * FROM pg_authid WHERE
rolname='abcdefghijklmnopqrstuvwxyzabcde' OR
rolname='abcdefghijklmnopqrstuvwxyzabcde0' OR
rolname='abcdefghijklmnopqrstuvwxyzabcdefg';
rolname | rolsuper | rolinherit |
rolcreaterole | rolcreatedb | rolcatupdate | rolcanlogin |
rolconnlimit | rolpassword | rolvaliduntil
-----------------------------------+----------+------------+---------------+-------------+--------------+-------------+--------------+-------------------------------------+---------------
abcdefghijklmnopqrstuvwxyzabcde | f | t | f
| f | f | t | -1 |
md545382eea608cb11a08bcd4828dd5163d |
abcdefghijklmnopqrstuvwxyzabcdefg | f | t | f
| f | f | t | -1 |
md5695cbb66f614fe397819654eb4c49f8c |
abcdefghijklmnopqrstuvwxyzabcde0 | f | t | f
| f | f | t | -1 |
md5023e9fca8749be6f8cc9032f88df4276 |
2) Pgpool:
# grep -E "abcdefghijklmnopqrstuvwxyzabcde:|abcdefghijklmnopqrstuvwxyzabcde0:|abcdefghijklmnopqrstuvwxyzabcdefg:"
/etc/itf-pgpool2/pool_passwd
abcdefghijklmnopqrstuvwxyzabcdefg:md5695cbb66f614fe397819654eb4c49f8c
abcdefghijklmnopqrstuvwxyzabcde:md545382eea608cb11a08bcd4828dd5163d
abcdefghijklmnopqrstuvwxyzabcde0:md5023e9fca8749be6f8cc9032f88df4276
3) I'm able to connect with all users directly to postgresqls:
root at pgpool2-4:~# user=abcdefghijklmnopqrstuvwxyzabcde
root at pgpool2-4:~# psql -h postgresql1 db -U $user -c "SELECT 1;" ;
psql -h postgresql2 db -U $user -c "SELECT 1;"
?column?
----------
1
(1 row)
?column?
----------
1
(1 row)
root at pgpool2-4:~# user=abcdefghijklmnopqrstuvwxyzabcde0
root at pgpool2-4:~# psql -h postgresql1 db -U $user -c "SELECT 1;" ;
psql -h postgresql2 db -U $user -c "SELECT 1;"
?column?
----------
1
(1 row)
?column?
----------
1
(1 row)
root at pgpool2-4:~# user=abcdefghijklmnopqrstuvwxyzabcdefg
root at pgpool2-4:~# psql -h postgresql1 db -U $user -c "SELECT 1;" ;
psql -h postgresql2 db -U $user -c "SELECT 1;"
?column?
----------
1
(1 row)
?column?
----------
1
(1 row)
4)
a) With a username of 31 character it's working:
root at pgpool2-4:~# psql -h pgpool db -U $user -c "SELECT 1;"
?column?
----------
1
(1 row)
b) With a username of 32 characters I have this message (which is
supposed to be sent by postgres if I'm right):
root at pgpool2-4:~# user=abcdefghijklmnopqrstuvwxyzabcde0
root at pgpool2-4:~# psql -h pgpool db -U $user -c "SELECT 1;"
psql: FATAL: password authentication failed for user
"abcdefghijklmnopqrstuvwxyzabcde0"
c) With a username of more than 32 characters I'm still getting the
same error than before:
root at pgpool2-4:~# user=abcdefghijklmnopqrstuvwxyzabcdefg
root at pgpool2-4:~# psql -h pgpool db -U $user -c "SELECT 1;"
psql: ERROR: "MD5" authentication with pgpool failed for user
"abcdefghijklmnopqrstuvwxyzabcdefg"
More information about the pgpool-general
mailing list