[pgpool-general: 4550] Re: md5 authentication without pool_passwd

Tatsuo Ishii ishii at postgresql.org
Tue Mar 15 17:14:05 JST 2016


>> The problem with your idea is, client needs to send a clear text
>> password to pgpool-II, that is regarded bad from modern security
>> design's point of view.
>>
> 
> maybe I'm missing something obvious here.
> If hashing algorithm is the same, why pgpool cannot receive hashed password
> and pass it untouched to PostgreSQL?
> Best regards,

Because in the md5 authentication, PostgreSQL uses a random number
called "salt" for authentication. The salt is not only a random number
but differs among each backend.

For your information, here is what pgpool-II does in the current md5
implementation.

1) PostgreSQL and pgpool store md5(password+username) into
pool_passwd or pg_authid. From now on I denote the string
"password+username" as "S"

2) When md5 auth is requested, pgpool sends a random number salt "s0"
to the frontend.

3) Frontend replies back to pgpool with md5(S+s0).

4) pgpool extracts S from pool_passwd and calculates md5(S+s0). If #3
and #4 match, it goes to the next step.

5) Each backend sends a salt to pgpool. Suppose we have two backends b1
and b2, and the salts are s1 and s2.

6) pgpool extracts S from pool_passwd, calculates md5(S+s1) and sends
it to b1.  pgpool extracts S from pool_passwd, calculates md5(S+s2)
and sends it to b2.

7) If b1 and b2 agree with the authentication, the whole md5 auth
process succeeds.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
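
The seven steps above as an added Python example (not part of the original message and not pgpool-II's code), showing why a frontend reply bound to s0 cannot be forwarded to a backend that issued s1. It assumes PostgreSQL's md5 wire form ("md5" + hex digest of the stored hex hash followed by the 4-byte salt); the function names, credentials and salts are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_hash(password: str, username: str) -> str:
    """Step 1: value kept in pool_passwd / pg_authid (shown without the 'md5' prefix)."""
    return md5_hex((password + username).encode())


def md5_response(stored: str, salt: bytes) -> str:
    """Steps 3, 4 and 6: answer to a salt, computed from the stored hash alone."""
    return "md5" + md5_hex(stored.encode() + salt)


def pgpool_authenticate(frontend_response, s0, pool_passwd_entry, backend_salts):
    """Steps 4-6: verify the frontend against s0, then answer each backend's salt."""
    expected = md5_response(pool_passwd_entry, s0)
    if not hmac.compare_digest(frontend_response, expected):
        return None  # frontend did not prove knowledge of the password
    return [md5_response(pool_passwd_entry, s) for s in backend_salts]


def demo():
    # Constructed sample credentials and salts (real salts are 4 random bytes).
    user, password = "alice", "s3cret"
    entry = stored_hash(password, user)                    # step 1
    s0, s1, s2 = b"\x10\x20\x30\x40", b"\xaa\xbb\xcc\xdd", b"\x01\x02\x03\x04"
    from_frontend = md5_response(entry, s0)                # step 3
    to_backends = pgpool_authenticate(from_frontend, s0, entry, [s1, s2])
    # Step 7: each backend checks the reply against its own salt.
    accepted = [to_backends[0] == md5_response(entry, s1),
                to_backends[1] == md5_response(entry, s2)]
    # Passing the frontend's reply through untouched fails: it is bound to s0.
    passthrough_ok = from_frontend == md5_response(entry, s1)
    return accepted, passthrough_ok


if __name__ == "__main__":
    print(demo())
```

Because the stored hash alone is enough to answer any salt, a pool_passwd file needs the same protection as pg_authid.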

