[pgpool-general: 1934] Re: PCP client authentication question
ishii at postgresql.org
Thu Jul 25 09:13:26 JST 2013
> I'm setting up a pgpool-2 cluster with auto failover, failback and
> follow master commands and such.
> All is working fine, but I have a question about the pcp
> User and password hash are defined in pcp.conf, which is good.
> However, when using a "follow_master_command", I want to script a
> pcp_recovery_node command, which makes me put that user and password
> in clear text in a script or in some kind of settings file which I
> then have to source from that script.
The only workaround I can think of now is, giving read permission of
the follow master script to only PostgreSQL super user.
> Is there some way of granting access to a "local only" user of passing
> the password encrypted to the pcp_* commands?
Currently no. I will add this (or any better way to mitigate the
security risk) to our TODO. This should not be terribly hard to
implement, I guess.
SRA OSS, Inc. Japan
More information about the pgpool-general