[pgpool-general: 3696] Question about authentication with pool_hba

[michail alexakis]

Hello list,

First, i am a complete newbie to pgpool, so please forgive any
misunderstandings i may have. I am experimenting with pgpool in order to
use it in front of a master/standy postgresql cluster (streaming
replication) as the only connection endpoint for several web applications.
I have installed (via APT) pgpool2  3.1.3-5.

I was trying to understand the authentication workflow (and in particular
how pool_hba works). I guessed that pool_hba is there to authenticate
client connections before (re)using an already authenticated connection
from the connection pool (to one of the backends).

I use the following settings:
enable_pool_hba = on
pool_passwd = 'pool_passwd'

I populated pool_passwd (owned by postgres, 0600) using pg_md5 as described
at the official manual:
pg_md5 --md5auth -p -u tester -f /etc/pgpool2/pgpool.conf
and it;s contents are now:
tester:md5c3271fc99b3e8cada6aa9d8b8f0d0938

I have a pool_hba.conf file with an entry (let 192.168.1.0/24 be the
network from where applications connect to pgpool):
host    all         all         192.168.1.0/24        md5

The backend's (only 1 for the time) pg_hba.conf is configured to trust
(method:trust) connections from user "tester" originating from pgpool's
host.

So, i'd expect that when trying to connect to pgpool (e.g. with psql), i
would have been forced to authenticate against pool_passwd's entries, but
instead i passed without a prompt (just like connecting directly to the
backend). Is this the normal behavior?

More generally, i was curious on how exactly are clients authenticated and
mapped to (opened?) connection slots from the pool?

Thanks for your time!

Michail Alexakis,
Software engineer,  RC "Athena", Athens, Greece
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20150510/3553988b/attachment.html>