[pgpool-general: 4550] Re: md5 authentication without pool_passwd
Tatsuo Ishii
ishii at postgresql.org
Tue Mar 15 17:14:05 JST 2016
>> The problem with your idea is, client needs to send a clear text
>> password to pgpool-II, that is regarded bad from modern security
>> design's point of view.
>>
>
> maybe I'm missing something obvious here.
> If hashing algorithm is the same, why pgpool cannot receive hashed password
> and pass it untouched to PostgreSQL?
> Best regards,

Because in the md5 authentication, PostgreSQL uses a random number
called "salt" for authentication. The salt is not only a random number
but differs among each backend.

For your information, here is what pgpool-II does in the current md5
implementation.

1) PostgreSQL and pgpool store md5(password+username) into
pool_passwd or pg_authid. From now on I denote string
"password+username" as "S"

2) When md5 auth is requested, pgpool sends a random number salt "s0"
to frontend.

3) Frontend replies back to pgpool with md5(S+s0).

4) pgpool extracts S from pool_passwd and calculates md5(S+s0). If #3
and #4 match, goes to next step.

5) Each backend sends salt to pgpool. Suppose we have two backends b1
and b2, and salts are s1 and s2.

6) pgpool extracts S from pool_passwd and calculates md5(S+s1) and sends
it to b1. pgpool extracts S from pool_passwd and calculates md5(S+s2)
and sends it to b2.

7) If b1 and b2 agree with the authentication, the whole md5 auth
process succeeds.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
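
The seven steps in the message above, as an added Python example that is not part of the original post and is not pgpool-II code. It also runs the "pass the hash through untouched" idea from the quoted question to show that a reply computed for s0 does not verify against s1 or s2. The names `Verifier`, `pgpool_login` and `passthrough_login` are hypothetical; the hex encoding of S, the `md5` prefix and the 4-byte salt follow PostgreSQL's md5 wire format.

```python
import hashlib
import hmac
import os


def stored_s(password, username):
    """The stored value from step 1: md5(password+username) as hex."""
    return hashlib.md5((password + username).encode()).hexdigest()


def md5_response(s, salt):
    """md5(S+salt): the reply to a salt challenge (steps 3, 4 and 6)."""
    return "md5" + hashlib.md5(s.encode() + salt).hexdigest()


class Verifier:
    """Hypothetical party that holds S and issues its own salt (pgpool, b1, b2)."""

    def __init__(self, s, salt=None):
        self.s = s
        self.salt = salt if salt is not None else os.urandom(4)

    def check(self, response):
        expected = md5_response(self.s, self.salt)
        return hmac.compare_digest(response, expected)


def pgpool_login(password, username, pool_passwd_s, backends, s0=None):
    """Steps 2-7: verify the frontend against s0, then answer each backend."""
    pgpool = Verifier(pool_passwd_s, s0)                       # step 2
    reply = md5_response(stored_s(password, username), pgpool.salt)  # step 3
    if not pgpool.check(reply):                                # step 4
        return False
    # Steps 5-7: pgpool needs S itself to build md5(S+s1), md5(S+s2), ...
    return all(b.check(md5_response(pool_passwd_s, b.salt)) for b in backends)


def passthrough_login(password, username, backends, s0=None):
    """The quoted idea: forward the frontend's md5(S+s0) unchanged."""
    s0 = s0 if s0 is not None else os.urandom(4)
    reply = md5_response(stored_s(password, username), s0)
    return all(b.check(reply) for b in backends)


if __name__ == "__main__":
    S = stored_s("secret", "alice")          # constructed sample credentials
    b1, b2 = Verifier(S), Verifier(S)        # two backends, independent salts
    print("pgpool flow:", pgpool_login("secret", "alice", S, [b1, b2]))
    print("passthrough:", passthrough_login("secret", "alice", [b1, b2]))
```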