[pgpool-hackers: 4075] Re: Proposal: add validations of wd_lifecheck_password and recovery_password format.
Tatsuo Ishii
ishii at sraoss.co.jp
Sun Dec 12 20:40:29 JST 2021
> Hi,
>
> wd_lifecheck_password and recovery_password are not allowed to be md5 hashed format
> but pgppol dont check their password format.
>
> I think this proposal will help users to know why pcp_recovery_node fails and authentication
> failure appears in pgpool log.
>
> What do you think?
Unfortunately the proposal made many regression failures. The reason
for this is that pcp_recovery_node failed because pgpool_setup creates
following:
pgpool.conf:
recovery_user = 't-ishii'
recovery_password = ''
pool_passwd:
t-ishii:md5a16f9d87e344969ec59de417447348b3
pcp_recovery_node finds recovery_password = '' and then looks into
pool_passwd then finds the password format is md5. So it complains and
raises an error. However, pg_hba.conf is set that auth method for
"t-ishii" is "trust", so pcp_recovery_node should happily connect to
PostgreSQL. But now the new check prevents pcp_recovery_node from
trying to connect to PostgreSQL.
I think the check should be performed after:
conn = connect_backend_libpq(backend);
this fails.
Probably same thing can be saild to wd_lifecheck_password.
Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
More information about the pgpool-hackers
mailing list