[pgpool-hackers: 2904] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II

Muhammad Usama m.usama at gmail.com
Wed Aug 1 23:48:03 JST 2018


On Wed, Jul 25, 2018 at 5:34 PM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:

> >> I found that if both allow_clear_text_frontend_auth and
> >> enable_pool_hba are on, then nobody can connect to pgpool.
> >>
> >> t-ishii at localhost: psql -p 11000 test
> >> psql: FATAL:  client authentication failed
> >> DETAIL:  missing or erroneous pool_hba.conf file
> >> HINT:  see pgpool log for details
> >>
> >> This is a disaster and I think It's better for pgpool to refuse
> >> starting. Or maybe we should ignore one of them (and start pgpool)
> >> What do you think?
> >>
> >
> > You must have hit some bug. Its not intentional.
> >
> > Did you provided the valid pool_hba.conf file for this test. I have ran a
> > quick test
> > with valid pool_hba.conf and allow_clear_text_frontend_auth=on and its
> > working
> >
> > Can you please provide the steps to reproduce this issue.
>
> Sure.
>
> 1. Run regression 020.allow_clear_text_frontend_auth test.
>
> 2. cd tests/020.allow_clear_text_frontend_auth/testdir
>
> 3. echo "enable_pool_hba = on" >> etc/pgpool.conf
>
> 4. ./startall
>
> 5. psql -p 11000 test
> psql: FATAL:  client authentication failed
> DETAIL:  missing or erroneous pool_hba.conf file
> HINT:  see pgpool log for details
>


First of all sorry for late response, I got stuck with some high priority
tasks and couldn't get the time for this.

Ok so I am able to reproduce the issue and the reason is pgpool_setup.sh
was not placing the pool_hba.conf file in test directory
and we get the "missing or erroneous pool_hba.conf file" error by following
these above mentioned steps.
I will add the pool_setup.sh changes in the patch.

As far as the behaviour is concerned do you think we should change it. If
enable_pool_hba is set to on in the configuration
but hba file is not found then this error is thrown. which seems to me a
correct behaviour. What is your suggestion on this?

Thanks
Best Regards
Muhammad Usama



> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20180801/ffbd989c/attachment.html>


More information about the pgpool-hackers mailing list