[pgpool-general: 4045] Re: MD5 authentication

Thomas SIMON tsimon at neteven.com
Wed Sep 9 17:12:59 JST 2015 

>> Thomas
>>
>> Le 08/09/2015 17:34, Pablo Sanchez a écrit :
>>> [ Comments below, in-line ]
>>>
>>> On 09/08/2015 11:27 AM, Thomas SIMON wrote:
>>>>> On 09/08/2015 11:11 AM, Thomas SIMON wrote:
>>>> Hi Pablo
>>> Hey Thomas
>>>
>>>> I have following lines :
>>>>
>>>> local   all             postgres trust
>>>> local   all             all trust
>>>> host    all         all             127.0.0.1/32 trust
>>> Assuming your PGPool set up is not on the same server as the DB
>>> server, the above entries are fine.
>>>
>>>> host    all         all 172.20.0.101/32         trust
>>> The above isn't pgpool's IP eh?  172.20.0.101?
>> No, this is the IP of my second pgpool instance in my private
>> network. (I usea a virtual IP , and healthcheck between the two
>> instances)
>>>> I have this parameters enabled, and pool_hba.conf is loaded, because
>>>> if
>>>> I try to come from another IP, I have an negative answer from it
>>>> ERROR: no pool_hba.conf entry for host "1.2.3.4", user "toto",
>>>> database
>>>> "db1", SSL on
>>> Have you confirmed the -a setting?
>> I use debian packaged version of pgpool2, so I launch it via init.d
>> script, but I can confirm you /etc/pgpool2/pool_hba.conf is loaded (by
>> default)
>> I run pgpool by specifying file with -a, I have the same issue.
> To enable the md5 auth on pgpool-II, md5 auth must be enabled on
> PostgreSQL side as well. It is possible that PostgreSQL thinks that
> incoming IP address (that is the IP address on which pgpool-II is
> running) does not require md5 auth. I think you can make sure the
> incoming IP for PostgreSQL is correct by enabling log_connections
> parameter of PostgreSQL.
Hi Tatsuo,
If I enable md5 auth in both postgresql (master & slave), it doesn't 
work, and I have following message (independently if I use trust or md5 
method on pgpool) :

pg_hba.conf :
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5



/pool_read_message_length: message length (8) in slot 1 does not match 
with slot 0(12)//
//2015-09-09T10:07:16.285644+02:00 pg1 pgpool[1007]: Failed to read the 
authentication packet length. This is likely caused by the inconsistency 
of auth method among DB nodes. In this case you can check the previous 
error messages (hint: length field) from pool_read_message_length and 
recheck the pg_hba.conf settings.//
/

>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pgpool.net/pipermail/pgpool-general/attachments/20150909/01b1e90c/attachment.htm>

More information about the pgpool-general mailing list