[pgpool-general: 4046] Re: MD5 authentication
Tatsuo Ishii
ishii at postgresql.org
Wed Sep 9 17:43:37 JST 2015
>> To enable the md5 auth on pgpool-II, md5 auth must be enabled on
>> PostgreSQL side as well. It is possible that PostgreSQL thinks that
>> incoming IP address (that is the IP address on which pgpool-II is
>> running) does not require md5 auth. I think you can make sure the
>> incoming IP for PostgreSQL is correct by enabling log_connections
>> parameter of PostgreSQL.
> Hi Tatsuo,
> If I enable md5 auth in both postgresql (master & slave), it doesn't
> work, and I have following message (independently if I use trust or
> md5 method on pgpool) :
So at the time when you were asked password, you mistakenly set trust
on PostgreSQL side.
> pg_hba.conf :
> # IPv4 local connections:
> host all all 127.0.0.1/32 md5
>
>
>
> /pool_read_message_length: message length (8) in slot 1 does not match
> with slot 0(12)//
> //2015-09-09T10:07:16.285644+02:00 pg1 pgpool[1007]: Failed to read
> the authentication packet length. This is likely caused by the
> inconsistency of auth method among DB nodes. In this case you can
> check the previous error messages (hint: length field) from
> pool_read_message_length and recheck the pg_hba.conf settings.//
> /
Probably you set md5 auth on master but you set trust auth on slave
(assuming host1 in pgpool.conf is slave), because the message length 8
means the trust auth and 12 means the md5 auth (message length 8 and
12 do not necessarily mean the trust and md5 auth, but in this case
your choices are either trust or md5 and I can safely guess that).
(or you forgot to reload PostgreSQL after changing pg_hba.conf).
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
More information about the pgpool-general
mailing list