[pgpool-general: 7304] Re: No TCP/IP connection to Pgpool on RHEL 8.2

Anssi Kanninen anssi at iki.fi
Tue Sep 22 23:17:04 JST 2020 

This is resolved now for pgpool. Thank you very much again!

Does anybody know how to disable GSSAPI authentication of psql client?

Cheers,
   - Anssi

On Tue, 22 Sep 2020, Anssi Kanninen wrote:

> Oh yes...
> Thank you very much, this may solve the whole problem.
>
>
> On Tue, 22 Sep 2020, Tatsuo Ishii wrote:
>
>> Yes, Major = 1234, Minor = 5680 means GSSAPI authentication request.
>> Unfortunately Pgpool-II does not support GSSAPI (yet).
>> 
>> Best regards,
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese:http://www.sraoss.co.jp
>> 
>>> Could it be something to do with GSSAPI authentication? We are not
>>> using it with DB connections. With root user, it doesn't inform about
>>> it. As a regular user, psql gives us a GSSAPI authentication error.
>>> 
>>> On Tue, 22 Sep 2020, Anssi Kanninen wrote:
>>> 
>>>> Update: It works if the client running psql is root or postgres. If it
>>>> is a regular user, the connection fails.
>>>> 
>>>> On Sun, 20 Sep 2020, Anssi Kanninen wrote:
>>>> 
>>>>> Customer's network engineers are also investigating this for a
>>>>> possible firewall rule problem.
>>>>> On 18 September 2020 11:31:41 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>> wrote:
>>>>> Thank you!
>>>>> Here is some more info. I made some comparison of the TCP traffic when
>>>>> connected to Pgpool or straight to PostgreSQL.
>>>>> See attachments:
>>>>> * cmd-pgpool.txt
>>>>> The command and response when connected to Pgpool.
>>>>> * tcpdump-pgpool.txt
>>>>> A dump of TCP traffic to/from PgPool port when executed the command
>>>>> above.
>>>>> * cmd-postgres.txt
>>>>> The command and response when connected straight to PostgreSQL.
>>>>> * tcpdump-postgres.txt
>>>>> A dump of TCP traffic to/from PostgreSQL port when executed the
>>>>> command above.
>>>>> Strangely, it seems that the database name and user name never reached
>>>>> Pgpool.
>>>>> Hope this helps,
>>>>>    - Anssi
>>>>> On Fri, 18 Sep 2020, Bo Peng wrote:
>>>>>  Hi,
>>>>>  Thank you for reporting this issue.
>>>>>  I am going to look into this one.
>>>>>  On Fri, 18 Sep 2020 02:47:24 +0300
>>>>>  Anssi Kanninen <anssi at iki.fi> wrote:
>>>>>  Software versions are the same on both systems:
>>>>>  PostgreSQL 12.2
>>>>>  Pgpool 4.1.3
>>>>>  On 18 September 2020 02:31:11 EEST, Anssi Kanninen <anssi at iki.fi>
>>>>>  wrote:
>>>>>  Hello,
>>>>>  My Pgpool doesn't work on RHEL 8.2.
>>>>>  Eveythins runs smoothly on my Centos 8.1.1911 virtual machines but
>>>>>  when
>>>>>  I
>>>>>  transfer the same Pgpool/PostgreSQL configuration to customer's RHEL
>>>>>  8.2,
>>>>>  I can not connect to Pgpool via TCP/IP.
>>>>>  Here is a clip of my log on Centos when I successfully fail to
>>>>>  authenticate (x.x.x.x is a wrong interface, so this error is
>>>>>  expected).
>>>>>  So, "user" and "database" are show in the log.
>>>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-1] pid 6616: ERROR: failed
>>>>>  to authenticate
>>>>>  Sep 16 16:04:35 centos8i1 pgpool[6616]: [33-2] pid 6616: DETAIL:  no
>>>>>  pg_hba.conf entry for host "x.x.x.x", user "pgpool", database
>>>>>  "postgres", SSL off
>>>>>  Here is log of successful connection. Protocol Major is 3 and Minor is
>>>>>  0.
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-1] pid 27853: DEBUG:
>>>>>  reading startup packet
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [26-2] pid 27853: DETAIL:
>>>>>  application_name: psql
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-1] pid 27853: DEBUG:
>>>>>  reading startup packet
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [27-2] pid 27853: DETAIL:
>>>>>  Protocol Major: 3 Minor: 0 database: postgres user: pgpool
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-1] pid 27853: DEBUG:
>>>>>  creating new connection to backend
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [28-2] pid 27853: DETAIL:
>>>>>  connecting 0 backend
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-1] pid 27853: DEBUG:
>>>>>  creating new connection to backend
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [29-2] pid 27853: DETAIL:
>>>>>  connecting 1 backend
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-1] pid 27853: DEBUG:
>>>>>  creating new connection to backend
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [30-2] pid 27853: DETAIL:
>>>>>  connecting 2 backend
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-1] pid 27853: DEBUG:
>>>>>  authentication backend
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [31-2] pid 27853: DETAIL:
>>>>>  auth kind:10
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-1] pid 27853: DEBUG:
>>>>>  authentication backend 0
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [32-2] pid 27853: DETAIL:
>>>>>  trying SCRAM authentication
>>>>>  Sep 18 02:07:28 centos8i1 pgpool[27853]: [33-1] pid 27853: DEBUG:
>>>>>  SCRAM authentication successful for backend 0
>>>>>  So, the above works.
>>>>>  But then I transfer the same configuration to the customer's RHEL 8.2,
>>>>>  the
>>>>>  same connection attempt shows this:
>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [262-1] pid 348681:
>>>>>  DEBUG:  I am 348681 accept fd 8
>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-1] pid 348681:
>>>>>  DEBUG:  reading startup packet
>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [263-2] pid 348681:
>>>>>  DETAIL:  Protocol Major: 1234 Minor: 5680 database:  user:
>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-1] pid 348681:
>>>>>  FATAL:  client authentication failed
>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-2] pid 348681:
>>>>>  DETAIL:  no pool_hba.conf entry for host "x.x.x.x", user "", database
>>>>>  "", SSL off
>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348681]: [264-3] pid 348681:
>>>>>  HINT:  see pgpool log for details
>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [46-1] pid 348612:
>>>>>  DEBUG:  reaper handler
>>>>>  Sep 18 01:48:31 haketikuqadb01 pgpool[348612]: [47-1] pid 348612: LOG:
>>>>>  child process with pid: 348681 exits with status 512
>>>>>  Protocol Major and Minor numbers look strange and why the database
>>>>>  name
>>>>>  and user name are empty? Did it fail to read the incoming packet for
>>>>>  some
>>>>>  reason? The connection was local but thru TCP/IP network interface.
>>>>>  Linux
>>>>>  firewall was used but same ports were open on both clusters. SELinux
>>>>>  is
>>>>>  in
>>>>>  use.
>>>>>  Psql client responds like this:
>>>>>  psql: error: could not connect to server: server closed the connection
>>>>>  unexpectedly
>>>>>          This propably means the server terminated abnormally
>>>>>          before or while processing the request.
>>>>>  Here is my pool_hba.conf:
>>>>>  local   all         all                               trust
>>>>>  host    all         all         127.0.0.1/32          trust
>>>>>  host    all         all         ::1/128               trust
>>>>>  host    all         pgpool      samenet               scram-sha-256
>>>>>  host    all         postgres    samenet               scram-sha-256
>>>>>  My pool_passwd looks like this:
>>>>>  postgres:AESmyencryptedpassword==
>>>>>  pgpool:AESmyencryptedpassword==
>>>>>  The psql command was as follows and the password was correct:
>>>>>  $ psql -h x.x.x.x postgres pgpool -w
>>>>>  So, something is different on our RHEL but what?
>>>>>  Best regards,
>>>>>    Anssi
>>>>> ______________________________________________________________________________________________________________
>>>>>  pgpool-general mailing list
>>>>>  pgpool-general at pgpool.net
>>>>>  http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>>>  --
>>>>>  Bo Peng <pengbo at sraoss.co.jp>
>>>>>  SRA OSS, Inc. Japan
>>>>> 
>>>> 
>>>> --
>>>> anssi at iki.fi
>>>> _______________________________________________
>>>> pgpool-general mailing list
>>>> pgpool-general at pgpool.net
>>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>>>> 
>>> 
>>> --
>>> anssi at iki.fi
>>> _______________________________________________
>>> pgpool-general mailing list
>>> pgpool-general at pgpool.net
>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
>> 
>
> -- 
> anssi at iki.fi
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
>

-- 
anssi at iki.fi

More information about the pgpool-general mailing list