[pgpool-general: 7940] Re: Pgpool docker image md5 authentification issue

Bo Peng pengbo at sraoss.co.jp
Thu Dec 16 17:05:11 JST 2021


Hello,

> Our Pgpool runs on Kubernetes and we use it most often as a load balancer.
> When the PostgreSQL connection was trusted without requiring a password, 
> everything was fine.
> 
> Now we decided to connect to PG with password in md5 mode and got a 
> problem with Pgpool. We receive messages like this:
>    "ERROR: Could not authenticate with backend using md5"
>    "Detail: no valid password found"
> 
> Pgpool fails user authentication while we add an entry to the 
> pool_passwd file with md5 username and password.
> This pool_passwd file contains only one user and password entry, which I 
> specify in the POSTGRES_USERNAME and POSTGRES_PASSWORD env variables.
> Pgpool runs in docker image pgpool / pgpool: 4.2.2 in k8s.
> 
> Can anyone answer two questions, at least one:
> 
> 1. Are there any parameters or env variables in this docker image to enter 
> more than one user entry into the pool_passwd file in the docker image?

You can specify the env variables like below:

TESTUSER1_USERNAME: test1
TESTUSER1_PASSWORD: password
TESTUSER2_USERNAME: test2
TESTUSER2_PASSWORD: password

Then pool_passwd will be created like:
 
test1:"md5hashedpassword"
test2:"md5hashedpassword"

TESTUSER1 or TESTUSER2 ... can be any string.

> 2. Is it possible to pass md5 authentication directly to PostgreSQL 
> without checking the password on Pgpool.

You can specify "password" auth between client and Pgpool in pool_hba.conf.
If you use "password" auth, the "user:password" entry is not mandatory in pool_passwd,
and you can specify any authentication method (e.g. md5, scram-sha-256) in PostgreSQL.
I strongly recommend that you use SSL communication
when you use "password" auth between client and Pgpool.

If you are using the config map of this repo "https://github.com/pgpool/pgpool2_on_k8s",
you can modify pgpool-configmap.yaml like:

data:
  pgpool.conf: |-
  ...
    ssl = on
    enable_pool_hba = on

  pool_hba.conf: |-
    hostssl    all         all         0.0.0.0/0             password


> Help, please, the problem is very critical for us.
> 
> We will be very grateful for any help or in the direction of where to 
> move in deciding.
> 
> Thanks in advance.
> 
> 
> -- 
> Regards,
>     Nikolay


-- 
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan
http://www.sraoss.co.jp/
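
An added example, not part of the original message: a Python sketch of how `*_USERNAME` / `*_PASSWORD` pairs like the ones above can be turned into pool_passwd lines, and how to check whether a user's entry matches a known password. It assumes the PostgreSQL md5 form, "md5" followed by md5(password + username); the function names and the pairing logic are illustrative, not the docker image's own entrypoint code.

```python
import hashlib

# Constructed sample environment, modelled on the variables in the reply.
SAMPLE_ENV = {
    "TESTUSER1_USERNAME": "test1",
    "TESTUSER1_PASSWORD": "password",
    "TESTUSER2_USERNAME": "test2",
    "TESTUSER2_PASSWORD": "password",
    "ORPHAN_USERNAME": "nopass",  # no matching _PASSWORD, so it is skipped
}


def pg_md5(user, password):
    """PostgreSQL md5 verifier: 'md5' + hex(md5(password + username)).

    The username acts as the salt, so the stored value is tied to one role.
    For md5 auth this value is password-equivalent: keep pool_passwd private.
    """
    digest = hashlib.md5((password + user).encode("utf-8")).hexdigest()
    return "md5" + digest


def pairs_from_env(env):
    """Collect (username, password) for every <PREFIX>_USERNAME/_PASSWORD pair."""
    pairs = []
    for key in sorted(env):
        if key.endswith("_USERNAME"):
            prefix = key[: -len("_USERNAME")]
            password = env.get(prefix + "_PASSWORD")
            if password is not None:
                pairs.append((env[key], password))
    return pairs


def render_pool_passwd(env):
    """Render one 'username:md5<hash>' line per pair (assumed file layout)."""
    return "".join(f"{u}:{pg_md5(u, p)}\n" for u, p in pairs_from_env(env))


def check_entry(pool_passwd_text, user, password):
    """Return 'ok', 'mismatch' or 'missing' for a user in pool_passwd text."""
    for line in pool_passwd_text.splitlines():
        name, _, stored = line.partition(":")
        if name == user:
            return "ok" if stored == pg_md5(user, password) else "mismatch"
    return "missing"


if __name__ == "__main__":
    text = render_pool_passwd(SAMPLE_ENV)
    print(text, end="")
    print(check_entry(text, "test1", "password"))
```

Because the username is part of the hashed input, test1 and test2 get different entries even though they share a password, so an entry cannot be copied from one user to another.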