[pgpool-general: 3099] Re: pg_md5 issue

Tatsuo Ishii ishii at postgresql.org
Tue Aug 12 10:26:23 JST 2014


Jay,

> Ishii-san,
> 
> I'm not certain what you mean by "is pool_hba.conf setup correctly?" I
> did not change it from the defaults, but yes enable_pool_hba = on.
> 
> I had seen settings on the internet where people had used --md5auth
> option for pg_md5, but I thought md5 was the default. When I used that
> option, it wrote out the response to the pool_passwd file. Without
> that option, it writes to stdout. The problem is that the output
> changes with and without the --md5auth option, but I do understand
> that with enable_pool_hba = on, I don't really need pool_passwd.

pool_passwd, enable_pool_hba, and pool_hba.conf are for md5
authentication against PostgreSQL (and clients). pcp also uses an md5
encrypted password stored in pcp.conf. However, the formats of the md5
password in pool_passwd and pcp.conf are different. pg_md5 emits those
different formats of md5 password.

So, if you just need an md5 password for pcp.conf, do not use the
--md5auth option.

> I had
> to get some value into the pcp.conf file, and if I copied the value
> delivered to stdout into the file, it worked.

Yes, this is the correct way to set up pcp.conf.

> If I copied the value
> written by pg_md5 into the pool_passwd file instead into pcp.conf, I
> get AuthorizationError when I try to run any pcp commands.
> 
> I'm really not certain if I'm doing anything wrong here.
> 
> --
> Jay
> 
> On 8/11/2014 11:36 AM, Tatsuo Ishii wrote:
>>> Hi all,
>>>
>>> I was trying to document my procedure for setting up pgpool for my QA
>>> folks when I stumbled across an issue with pg_md5.
>>>
>>> If I issue: /usr/bin/pg_md5 --md5auth <password> where <password> is
>>> the user's actual password, pg_md5 writes an entry to the pool_passwd
>>> file like:
>>>
>>> postgres:md5a004267ea750b79e526724833f42133
>>>
>>> but if I issue the command as /usr/bin/pg_md5 <password> what gets
>>> spit out to terminal is:
>>>
>>> 953674ba4731447e6a7ddaf32b308679
>>>
>>> Now, I know md5 can have multiple strings evaluate to the same answer,
>>> but the value written into the pool_passwd file does NOT work,
>> Are you sure that:
>>
>> enable_pool_hba = on
>>
>> in pgpool.conf
>>
>> and set up pool_hba.conf correctly?
>>
>>> whereas, if I edit the pool_passwd file and write the second string
>>> ending in 679 to it, then it does work. I noticed this when I copied
>>> and pasted the entry into the /etc/pgpool-II/pcp.conf file. Attempting
>>> to use any pcp_* command fails authentication with the first string,
>>> but works when the second string is in the file.
>>>
>>> I'm using CentOS 6.5 and V.3.3.3-4 of pgpool if that makes a
>>> difference, but I'd like to know why it works differently in these
>>> cases with one being OK to use, and the other failing miserably.
>>> --
>>> Jay
>>>
> 
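The two hash formats discussed in this thread, as an added Python example (not part of the original messages and not pgpool's own code). It assumes the pcp.conf value is the plain MD5 of the password and the pool_passwd value is "md5" followed by MD5 of password plus username, as PostgreSQL md5 authentication stores it; the function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import re

def pcp_conf_hash(password: str) -> str:
    """pcp.conf format (pg_md5 without --md5auth): md5(password), 32 hex chars."""
    return hashlib.md5(password.encode()).hexdigest()

def pool_passwd_hash(username: str, password: str) -> str:
    """pool_passwd format (pg_md5 --md5auth): 'md5' + md5(password + username)."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

_POOL_PASSWD_RE = re.compile(r"md5[0-9a-f]{32}")
_PCP_RE = re.compile(r"[0-9a-f]{32}")

def classify_entry(line: str) -> str:
    """Report which file a 'username:hash' line is formatted for."""
    _, sep, digest = line.strip().partition(":")
    if not sep:
        return "malformed"
    if _POOL_PASSWD_RE.fullmatch(digest):
        return "pool_passwd"
    if _PCP_RE.fullmatch(digest):
        return "pcp.conf"
    return "malformed"

def check_entry(line: str, password: str) -> bool:
    """Verify a candidate password against an entry in either format."""
    username, _, digest = line.strip().partition(":")
    kind = classify_entry(line)
    if kind == "pool_passwd":
        expected = pool_passwd_hash(username, password)
    elif kind == "pcp.conf":
        expected = pcp_conf_hash(password)
    else:
        return False
    return hmac.compare_digest(expected, digest)

if __name__ == "__main__":
    user, pw = "postgres", "password"  # constructed sample credentials
    for entry in (f"{user}:{pcp_conf_hash(pw)}", f"{user}:{pool_passwd_hash(user, pw)}"):
        print(entry, "->", classify_entry(entry), check_entry(entry, pw))
    # A pool_passwd-style value can never equal md5(password), so it fails
    # when pasted into pcp.conf, which is the mismatch reported in the thread.
    print(pool_passwd_hash(user, pw) == pcp_conf_hash(pw))
```

Running `classify_entry` over the lines of an existing pcp.conf or pool_passwd shows quickly whether an entry was generated for the wrong file.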

