[pgpool-hackers: 2981] Re: Pgpool-II 4.0 vs. pool_passwd
jesper.pedersen at redhat.com
Wed Aug 22 21:32:31 JST 2018
On 08/21/2018 08:47 AM, Tatsuo Ishii wrote:
>> Yes, I have all 3 types defined in my pool_passwd, with
>> enable_pool_hba = on
>> allow_clear_text_frontend_auth = off
> But since we allow clear text password in pool_passwd, we cannot judge
> whether this line is AES256 or clear text password,
> we could interpret this either as a clear text entry with password
> string "AESc7iO9vVbTxOaY+JSWTbPqA==" or AES256 encrypted entry, no?
>> and no passwords defined in pgpool.conf. The key is read from
> I assume .pgpoolkey contains encrytion key for AES256.
>>> Also I wonder we can safely mix up md5/AES256 formats in pool_passwd
>>> because I see corrpuption in pool_passwd if I update one of the
>> That is
>> which also exists on stable branches for a mix of plain text and MD5
> In my understanding, pool_passwd does not allow clear text password on
> stable branches.
Ah, sorry - I assumed that, since it wasn't listed in the release notes.
More information about the pgpool-hackers