[pgpool-general: 8687] password file format
Todd Stein
todd.stein at microfocus.com
Wed Mar 29 23:52:03 JST 2023
Hi,
Will someone please correct or confirm my assumption of the SCRAM-SHA-256 password file format for $HOME/.pgpass and $HOME/.pcppass files?
I'm not sure if I should be using the password with the AES prefix outside of the pool_password file or not. For example in the .pgpass and/or .pcppass files.
$ pg_enc -k ~/.pgpoolkey -u postgres -p
db password:
trying to read key from file /var/lib/pgsql/.pgpoolkey
P1+l8j3GaTxzSBgcY1laEQ==
pool_passwd string: AESP1+l8j3GaTxzSBgcY1laEQ==
My understanding (please correct me if I'm wrong), is that the pcp.conf file must use md5 encryption regardless of what your password_encryption in the DB is. The pool_password file (when using scram-sha-256 encryption) requires the string it gets automatically (which includes the AES prefix) by the pg_enc command when providing the "-m" attribute.
However, I've not been able to find anything documented for the password files. I'm pretty sure I've seen that if I were to use an encrypted password (scram-sha-256) in the pgpool.conf file, it must include the AES prefix.
In my testing I find that if the password in ~/.pgpass includes the AES prefix in the encrypted password, I get password authentication failed for user "postgres" when the system tries to start a replication slot.
Regards,
Todd Stein
OpsBridge Technical Success
OpenText
(Cell) +1 (941) 248-8752
tstein2 at opentext.com<mailto:tstein2 at opentext.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pgpool.net/pipermail/pgpool-general/attachments/20230329/9f32eaee/attachment.htm>
More information about the pgpool-general
mailing list