[pgpool-general: 6645] Re: pgpool Authentication
temp temp
ttemp666 at gmail.com
Wed Jul 10 17:49:44 JST 2019
> So it doesn't matter if enable_pool_hba = off, pgpool still do the
> authentication with client for cached connections
> And in this case if pool_passwd file not present, authentication should
> fail ?
>No, if backend requires authentication (i.e. other than ">trust") and
(>enable_pool_hba = off or pool_passwd is not present), >authentication
>will fail.
In my case , enable_pool_hba is off and pool_passwd is not present still
authentication for cached connection is successful.
On Wed, Jul 10, 2019, 13:46 Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
> >> Yes, Pgpool-II does not do any authetication against PostgreSQL for
> > cached connections because it's already authenticated. For the
> >> authentication between clients and Pgpool-II, Pgpool-II always does it
> >> using pool_passwd.
> >
> > So it doesn't matter if enable_pool_hba = off, pgpool still do the
> > authentication with client for cached connections
> > And in this case if pool_passwd file not present, authentication should
> > fail ?
>
> No, if backend requires authentication (i.e. other than "trust") and
> (enable_pool_hba = off or pool_passwd is not present), authentication
> will fail.
>
> > On Wed, Jul 10, 2019 at 1:06 PM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:
> >
> >> > Hi Tatsuo,
> >> >
> >> > I will share it in a bit (Will have to set it up again pgpool and DB,
> so
> >> it
> >> > will take little time)
> >> >
> >> > I have one more question regardless of previous case
> >> > Suppose enable_pool_hba = off and at DB level only we are doing
> >> > authentication, so in case for cached connection (pgpool to DB), how
> >> pgpool
> >> > authorized client because in that case connection is already there
> >> between
> >> > pgpool to DB
> >>
> >> Yes, Pgpool-II does not do any authetication against PostgreSQL for
> >> cached connections because it's already authenticated. For the
> >> authentication between clients and Pgpool-II, Pgpool-II always does it
> >> using pool_passwd.
> >>
> >> > Thanks,
> >> > Vandy
> >> >
> >> > On Wed, Jul 10, 2019 at 12:26 PM Tatsuo Ishii <ishii at sraoss.co.jp>
> >> wrote:
> >> >
> >> >> All right. Can you please provide pgpool.conf and full debug log when
> >> >> you execute:
> >> >>
> >> >> psql -U mpsroot -p 5432 -h 192.168.1.233 mpsdb
> >> >>
> >> >> (You need to add "log_min_messages = debug5" to pgpool.conf and
> >> >> restart Pgpool-II).
> >> >>
> >> >> > Hi Tatsuo,
> >> >> >
> >> >> > PostgreSQL is running on 192.168.1.103
> >> >> >
> >> >> > On Wed, Jul 10, 2019 at 11:59 AM Tatsuo Ishii <ishii at sraoss.co.jp>
> >> >> wrote:
> >> >> >
> >> >> >> What is the IP address of the host which PostgreSQL is running on?
> >> >> >> (I assume that Pgpool-II is running on 192.168.1.233).
> >> >> >>
> >> >> >> > Hi Tatsuo,
> >> >> >> >
> >> >> >> > When i directly connect to PostgreSQL, it does ask for password
> >> >> >> >
> >> >> >> > On Wed, Jul 10, 2019 at 3:54 AM Tatsuo Ishii <
> ishii at sraoss.co.jp>
> >> >> wrote:
> >> >> >> >
> >> >> >> >> > ---------- Forwarded message ---------
> >> >> >> >> > From: temp temp <ttemp666 at gmail.com>
> >> >> >> >> > Date: Tue, Jul 9, 2019 at 10:38 PM
> >> >> >> >> > Subject: Re: [pgpool-general: 6626] pgpool Authentication
> >> >> >> >> > To: Tatsuo Ishii <ishii at sraoss.co.jp>
> >> >> >> >> >
> >> >> >> >> >
> >> >> >> >> >> Regarding pgpool authentication (pgpool 4.2)
> >> >> >> >> >>
> >> >> >> >> >> >There's no such a version "4.2". You mean 4.0?
> >> >> >> >> >> My mistake, its 4.0
> >> >> >> >> >>
> >> >> >> >> >> > Configuration are
> >> >> >> >> >> >
> >> >> >> >> >> > pgpool.conf
> >> >> >> >> >> > enable_pool_hba = on
> >> >> >> >> >> >
> >> >> >> >> >> > pool_hba.conf
> >> >> >> >> >> > host all all all md5
> >> >> >> >> >> > local all all
> >> >> md5
> >> >> >> >> >>
> >> >> >> >> >> >What is your pg_hba.conf?
> >> >> >> >> >>
> >> >> >> >> >> > pool_passwd
> >> >> >> >> >> > postgres: "someValue"
> >> >> >> >> >> > mpspostgres: "someValue"
> >> >> >> >> >> >
> >> >> >> >> >> > When i tried to connection to pgpool (with password as
> >> >> >> "someValue")
> >> >> >> >> >> > psql -U mpsroot -p 5432 -h 192.168.1.233 mpsdb
> >> >> >> >> >> >
> >> >> >> >> >> > Que 1 :I am successfully able to connection even though
> >> password
> >> >> >> for
> >> >> >> >> >> > mpsroot user is not present in pool_passwd file and
> >> axxording to
> >> >> >> >> >> >
> >> >> >> >> >> >
> >> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >>
> >>
> https://pgpool.net/mediawiki/index.php/FAQ#I_created_pool_hba.conf_and_pool_passwd_to_enable_md5_authentication_through_pgpool-II_but_it_does_not_work._Why.3F
> >> >> >> >> >> > Auth should fail
> >> >> >> >> >>
> >> >> >> >> >> >Probably you are of the pattern in the FAQ above.
> >> >> >> >> >>
> >> >> >> >> >> >pg_hba.conf pool_hba.conf pool_passwd result
> >> >> >> >> >> >------------------------------------------------------
> >> >> >> >> >> >trust md5 yes no auth
> >> >> >> >> >>
> >> >> >> >> >> I don't think above pattern is hit, because i don't have
> >> password
> >> >> >> >> mpsroot
> >> >> >> >> >> in pool_passwd
> >> >> >> >> >>
> >> >> >> >> >> >If not, please share pg_hba.conf.
> >> >> >> >> >>
> >> >> >> >> >> pg_hba.conf
> >> >> >> >> >>
> >> >> >> >> >> local all all
> >> >> trust
> >> >> >> >> >> host all all 127.0.0.1/32
> >> >> md5
> >> >> >> >> >> host all all 0.0.0.0/0
> >> md5
> >> >> >> >> >> host replication primaryuser 0.0.0.0/0
> >> md5
> >> >> >> >>
> >> >> >> >> When you directly connect to PostgreSQL (no via Pgpool-II),
> does
> >> >> >> >> PostgreSQL ask password?
> >> >> >> >> --
> >> >> >> >> Tatsuo Ishii
> >> >> >> >> SRA OSS, Inc. Japan
> >> >> >> >> English: http://www.sraoss.co.jp/index_en.php
> >> >> >> >> Japanese:http://www.sraoss.co.jp
> >> >> >> >>
> >> >> >>
> >> >>
> >>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-general/attachments/20190710/10fb38c6/attachment-0001.html>
More information about the pgpool-general
mailing list