[pgpool-general: 9435] Re: scram-sha-256 Authentication
Achilleas Mantzios
a.mantzios at cloud.gatewaynet.com
Sun Apr 27 03:36:49 JST 2025
On 26/4/25 20:19, Sbob wrote:
>
> All;
>
> I have setup authentication where I have an md5 line in the
> pool_hba.conf file for a user and I have an md5 password entry for the
> user in the pool_passwd file, and the backend db is using scram_sha_256
>
> I would like to setup the pool users to use scram sha 256 as well. I
> see in the docs that I should use pg_enc to create the entry in the
> pool_passwd file, however pg_enc is complaining about a key file.
>
> I do not understand where I should put the keyfile and what I should
> put in the keyfile.
>
> I assume that AES is the same as scram sha 256?
>
> I see this in the docs:
>
> If you have AES encrypted passwords stored in the pool_passwd
> <https://www.pgpool.net/docs/latest/en/html/runtime-config-connection.html#GUC-POOL-PASSWD>
> file, then Pgpool-II will require the decryption key to decrypt the
> passwords before using them, Pgpool-II tries to read the decryption
> key at startup from the .pgpoolkey file. .pgpoolkey is a plain text
> file which contains the decryption key string.
>
> By default the Pgpool-II will look for the .pgpoolkey file in the
> user's home directory or the file referenced by environment variable
> PGPOOLKEYFILE. You can also specify the key file using the (-k,
> --key-file=KEY_FILE) command line argument to the pgpool
> <https://www.pgpool.net/docs/latest/en/html/pgpool.html> command. The
> permissions on .pgpoolkey must disallow any access to world or group.
> Change the file permissions by the command chmod 0600 ~/.pgpoolkey.
>
>
> but I am still un-sure what I put in the keyfile
>
https://www.pgpool.net/docs/latest/en/html/auth-aes-encrypted-password.html
~/.pgpoolkey
>
> Thanks in advance
>
>
>
>
> _______________________________________________
> pgpool-general mailing list
> pgpool-general at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pgpool.net/pipermail/pgpool-general/attachments/20250426/24be095a/attachment.htm>
More information about the pgpool-general
mailing list