[pgpool-hackers: 2859] Re: Oversight on md5 authentication

[Tatsuo Ishii]

I decided to make the fix into master and 3.7 stable tree.
Probably not worth to back-patch to 3.6 or older branches.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

> While taking care of issue 411,
> 
> https://www.pgpool.net/mantisbt/view.php?id=411
> 
> I noticed that Pgpool-II requires pool_passwd for md5 authentication
> in raw mode case when they are actually not necessary. In the raw
> mode, Pgpool-II only connects to 1 backend. So it should be treated
> same as the case when there is only 1 backend (which is already
> treated sanely).
> 
> The fix is trivial and I could back patch it to the all supported
> branches. However, this would change the behavior md5 auth in the raw
> mode.
> 
> Today: users need to sync pool_passwd with PostgreSQL's password even
> in the raw mode.
> 
> After patching: client supplied password is only validated against
> PostgreSQL's password. pool_passwd is not consulted anymore.
> 
> I guess the behavior change would be welcomed by all raw mode/md5
> users since it frees users from maintaining two separate passwords.
> 
> But I would like make sure that I do not miss anything before
> back patching the fix.
> 
> Comments?
> 
> Maybe needless to say, but the patch does not change behaviors in
> streaming replication mode and native replication mode, having more
> than 1 backend.
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
> _______________________________________________
> pgpool-hackers mailing list
> pgpool-hackers at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-hackers