[pgpool-general: 6627] Re: pgpool Authentication

Tatsuo Ishii ishii at sraoss.co.jp
Tue Jul 9 15:47:15 JST 2019 

> Regarding pgpool authentication (pgpool 4.2)

There's no such a version "4.2". You mean 4.0?

> Configuration are
> 
> pgpool.conf
> enable_pool_hba = on
> 
> pool_hba.conf
> host    all             all     all    md5
> local   all             all                                    md5

What is your pg_hba.conf?

> pool_passwd
> postgres: "someValue"
> mpspostgres: "someValue"
> 
> When i tried to connection to pgpool  (with password as "someValue")
> psql  -U mpsroot -p 5432 -h 192.168.1.233 mpsdb
> 
> Que 1 :I am successfully able to connection even though password for
> mpsroot user is not present in pool_passwd file and axxording to
> 
> https://pgpool.net/mediawiki/index.php/FAQ#I_created_pool_hba.conf_and_pool_passwd_to_enable_md5_authentication_through_pgpool-II_but_it_does_not_work._Why.3F
>        Auth should fail

Probably you are of the pattern in the FAQ above.

pg_hba.conf 	pool_hba.conf 	pool_passwd 	result
------------------------------------------------------
trust		md5		yes		no auth 

If not, please share pg_hba.conf.

> Que 2: In pgpool authentication, between client to pgpool and pgpool to
> backend DB Why both password have to be same .

By design.

> Que 3: From client when i give a password in connection string , is same
> password use for authenticating the client at pgpool and authentication the
> client at backend DB

Yes.

> Que 3: what if we want authentication at back-end (DB) node only , not at
> pgpool
> In that case pgpool send a password from pool_passswd file or whatever the
> password client passes in connection string

See "allow_clear_text_frontend_auth" in:
http://www.pgpool.net/docs/latest/en/html/runtime-config-connection.html#RUNTIME-CONFIG-AUTHENTICATION-SETTINGS

> Que 4: If DB has authentication on, do we need a authentication at pgpool
> level.

It's up to you.

> Que5 : In case we only enable authentication at DB not at pgpool, for
> cached connection from pgpool to DB , do client still need to authorized.

Yes.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

More information about the pgpool-general mailing list