[pgpool-general: 5921] Re: Any alternative ideas to using pool_passwd for MD5 authentication

Pierre Timmermans ptim007 at yahoo.com
Thu Feb 15 05:21:06 JST 2018


Hi,
I run pgpool in docker and so I regenerate all files (pgpool config file, pool_pwd, the status file /tmp/pgpool_status) when the container starts (it is a best practice in docker because the normal workflow is to remove the container when it is stopped and to not use host mounted directories, especially when in a swarm context).
So in the entrypoint of my container I have this code snippet to generate the file from the database. The variable DBHOST is computed earlier in the script.
That's the logic in shell:
echo "Generate pool_passwd file from ${DBHOST}"
touch "${CONFIG_DIR}/pool_passwd"

# Read role names and password hashes from pg_authid on the backend,
# keep only the lines containing an md5 hash
ssh -p 222 "postgres@${DBHOST}" "psql -c \"select rolname,rolpassword from pg_authid;\"" | awk 'BEGIN {FS="|"}{print $1" "$2}' | grep md5 | while read -r f1 f2
do
 # delete the line and recreate it
 echo "setting passwd of $f1 in ${CONFIG_DIR}/pool_passwd"
 sed -i -e "/^${f1}:/d" "${CONFIG_DIR}/pool_passwd"
 echo "$f1:$f2" >> "${CONFIG_DIR}/pool_passwd"
done
My Docker file is here: https://github.com/saule1508/pgcluster/tree/develop/pgpool



Pierre 

    On Wednesday, February 14, 2018, 8:57:41 PM GMT+1, Ken Young <Ken.Young at sas.com> wrote:  
 
  
Hey folks,
 
  
 
Is there any alternative to using the pool_passwd file to maintain the user/password list  for PostgreSQL MD5 authentication?  This works well for us in typical hardware scenarios.  However, maintaining and updating the pool_passwd file when new users are added or passwords are changed is more challenging in a more restrictive cloud or docker environment.  Has anyone devised a best practice or better way of handling PostgreSQL user account changes for when user authentication is required?  A different authentication method, perhaps?
 
  
 
  
 
Ken Young
 
Ken.Young at sas.com
Data Management R&D
SAS Institute, Inc.
919-531-9319
 
http://www.sas.com
 
SAS...  The Power to Know
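
A stricter take on the generation step in the reply above, as an added example that is not part of the original post or the linked repository. The function name build_pool_passwd is hypothetical, and it assumes psql is run with -At (unaligned, tuples only) so rows arrive as rolname|rolpassword; it keeps only well-formed MD5 entries and installs the file with mode 600 through an atomic rename.

```shell
#!/bin/sh
# Added example (hypothetical helper): build pool_passwd from "rolname|rolpassword"
# rows on stdin, the shape `psql -At` prints for the pg_authid query.

build_pool_passwd() {
    target=$1
    skipped=0
    # mktemp creates the file 0600; writing next to the target makes the final
    # mv an atomic rename, so pgpool never reads a half-written file.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    while IFS='|' read -r role hash; do
        case $role in
            ''|*:*) ok=no ;;    # empty name, or ':' would break user:hash lines
            *) ok=yes ;;
        esac
        # Accept only a full MD5 entry in the password column. A plain
        # `grep md5` would also keep a role that is merely *named* md5-something.
        if [ "$ok" = yes ] && printf '%s\n' "$hash" | grep -Eq '^md5[0-9a-f]{32}$'; then
            printf '%s:%s\n' "$role" "$hash" >> "$tmp"
        else
            echo "skipping role '$role': no usable MD5 entry" >&2
            skipped=$((skipped + 1))
        fi
    done
    echo "wrote $target, skipped $skipped row(s)" >&2
    if chmod 600 "$tmp" && mv "$tmp" "$target"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# In the entrypoint (host, port and paths as in the post):
#   ssh -p 222 "postgres@${DBHOST}" \
#     "psql -At -c 'select rolname,rolpassword from pg_authid'" \
#     | build_pool_passwd "${CONFIG_DIR}/pool_passwd"

# Self-check on constructed rows (made-up values, not real credentials)
demo_dir=$(mktemp -d)
printf '%s\n' \
    'postgres|md50123456789abcdef0123456789abcdef' \
    'md5fan|SCRAM-SHA-256$4096:c2FsdA==$a2V5:a2V5' \
    'nologin|' \
    | build_pool_passwd "$demo_dir/pool_passwd"
cat "$demo_dir/pool_passwd"
rm -rf "$demo_dir"
```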
 
  
 
  