[pgpool-general: 6574] Pgpool-II - PosgreSQL 9.5 MD5 Auth Issues
.biscuitNinja
pgpool at biscuit.ninja
Tue May 28 21:49:48 JST 2019
We are attempting to get Pgpool-II (4.0.4-1.pgdg90+1) working with
PostgreSQL 9.5 (9.5.17-1.pgdg90+1). We are using md5 authentication
between PgPool-II and PostgreSQL.
We cannot get Pgpool-II to successfully authenticate against PostgreSQL.
We have dry-walked the code here:
https://git.postgresql.org/gitweb/?p=pgpool2.git;a=blob;f=src/auth/pool_passwd.c;h=c84136bb44ffac81352504c3dd1ff8279cd7f6c8;hb=HEAD
And reviewed the changes applied to support SCRAM.
It appears to us that there is no logic to handle PASSWORD_TYPE_MD5 and
a password value of 'NULL' is getting returned, resulting in the
authentication failures.
We do have PostgreSQL 10 on our roadmap, but not for a while yet.
Implementing pgpool itself is far more pressing in terms of the issues
we have to resolve.
Is there any suggested way forward in terms of resolving this?
Included below are relevant excerpts from configuration files and log
files. This is from an installation staged in our lab environment so
there's no issue caused by disclosure of the md5 hashes in these excerpts.
Thanks
.biscuitNinja
Excerpts from pgpool.conf:
pool_passwd = 'pool_passwd'
sr_check_user = 'pgpool'
sr_check_password = ''
health_check_user = 'pgpool'
health_check_password = ''
pool_passwd:
pgpool:md50c5eb007937f063ddb8d04b7d8b17b1a
Excerpt from postgreSQL HBA:
host all pgpool samenet md5
pg_shadow passwd:
postgres=# select passwd from pg_shadow
postgres-# where usename = 'pgpool'
postgres-# ;
passwd
-------------------------------------
md50c5eb007937f063ddb8d04b7d8b17b1a
(1 row)
With debug5 logging, we have the following related messages for PgPool-II:
May 28 12:34:17 dpbdc-pool-1 pgpool[8742]: [175-3] 2019-05-28 12:34:17:
pid 8742: LOCATION: wd_lifecheck.c:800
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [610-1] 2019-05-28 12:34:17:
pid 8736: DEBUG: could not get the password for user:pgpool
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [610-2] 2019-05-28 12:34:17:
pid 8736: DETAIL: username "pgpool" has invalid password type: 2
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [610-3] 2019-05-28 12:34:17:
pid 8736: LOCATION: pool_passwd.c:525
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [611-1] 2019-05-28 12:34:17:
pid 8736: DEBUG: pool_flush_it: flush size: 39
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [611-2] 2019-05-28 12:34:17:
pid 8736: LOCATION: pool_stream.c:633
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [612-1] 2019-05-28 12:34:17:
pid 8736: DEBUG: pool_read: read 13 bytes from backend 0
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [612-2] 2019-05-28 12:34:17:
pid 8736: LOCATION: pool_stream.c:194
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [613-1] 2019-05-28 12:34:17:
pid 8736: DEBUG: authenticate kind = 5
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [613-2] 2019-05-28 12:34:17:
pid 8736: LOCATION: pool_auth.c:141
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [614-1] 2019-05-28 12:34:17:
pid 8736: DEBUG: pool_write: to backend: 0 kind:p
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [614-2] 2019-05-28 12:34:17:
pid 8736: LOCATION: pool_stream.c:450
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [615-1] 2019-05-28 12:34:17:
pid 8736: DEBUG: pool_flush_it: flush size: 41
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [615-2] 2019-05-28 12:34:17:
pid 8736: LOCATION: pool_stream.c:633
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [616-1] 2019-05-28 12:34:17:
pid 8736: DEBUG: pool_read: read 96 bytes from backend 0
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [616-2] 2019-05-28 12:34:17:
pid 8736: LOCATION: pool_stream.c:194
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [617-1] 2019-05-28 12:34:17:
pid 8736: ERROR: authentication failed
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [617-2] 2019-05-28 12:34:17:
pid 8736: DETAIL: password authentication failed for user "pgpool"
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [617-3] 2019-05-28 12:34:17:
pid 8736: LOCATION: pool_auth.c:1930
May 28 12:34:17 dpbdc-pool-1 pgpool[8736]: [618-1] 2019-05-28 12:34:17:
pid 8736: LOG: find_primary_node: make_persistent_db_connection_noerror
failed on node 0
Corresponding auth failures in postgresql-9.5-main.log:
2019-05-28 12:35:39.843 BST [16780-1] pgpool:[unknown]@postgres
192.168.13.31 FATAL: password authentication failed for user "pgpool"
2019-05-28 12:35:39.843 BST [16780-2] pgpool:[unknown]@postgres
192.168.13.31 DETAIL: Connection matched pg_hba.conf line 103: "host
all pgpool samenet md5"
2019-05-28 12:35:40.849 BST [16781-1] pgpool:[unknown]@postgres
192.168.13.31 FATAL: password authentication failed for user "pgpool"
2019-05-28 12:35:40.849 BST [16781-2] pgpool:[unknown]@postgres
192.168.13.31 DETAIL: Connection matched pg_hba.conf line 103: "host
all pgpool samenet md5"
More information about the pgpool-general
mailing list