<div dir="ltr"><div>Hi all,</div><div><br></div><div>this is an enhancement request.</div><div>AFAIK currently the only way to use md5 authentication with pgpool-II and PostgreSQL is the following:</div><div><ul><li>setup pool_hba file to enforce md5 authentication from client hosts</li><li>setup pool_passwd file with users and passwords to be used by the clients</li><li>setup pg_hba file to enforce md5 authentication from pgpool host(s)</li><li>create users in PostgreSQL with the same password as in pool_passwd file.</li></ul><div>This works perfectly and is the way suggested in the manual.</div></div><div><br></div><div>The problem with this setup is that it is cumbersome and error prone to keep pool_passwd aligned with postgresql users.</div><div>In order to add a new user we need to add it in postgresql, add it in pool_passwd and reload pgpool to read again pool_passwd file.</div><div><br></div><div>It would be great to find a way to bypass pgpool authentication and authenticate only in PostgreSQL.</div><div>If PostgreSQL authentication succeeds, client authentication succeeds, otherwise it fails.</div><div>In this way there will be no double authentication against pgpool and against postgresql.</div><div>Moreover users and passwords will be only in PostgreSQL, where their management is easier.</div><div><br></div><div>I don't know if this is technically feasible but it could work like that:</div><div><ul><li>setup pool_hba to enforce md5 authentication from client hosts</li><li>disable the use of pool_passwd</li><li>setup pg_hba to enforce md5 authentication from pgpool host</li><li>create users in PostgreSQL.</li></ul><div>In this setup pgpool will simply try md5 authentication against PostgreSQL with user and password provided by the client, and reports success or failure to the client.</div></div><div><br></div><div>Obviously if there is a mismatch between the authentication enforced in pool_hba and the one resulting from pg_hba an error will be returned.</div><div><br></div><div>I've opened a enhancement request</div><div><a href="http://www.pgpool.net/mantisbt/view.php?id=170">http://www.pgpool.net/mantisbt/view.php?id=170</a><br></div><div><br></div><div>What do you think about this proposal?</div><div><br></div><div>Best regards,</div><div><br></div><div>Gabriele Monfardini</div><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div>-----<br>Gabriele Monfardini<br>LdP Progetti GIS</div><div>tel: 0577.531049<br>email: <a href="mailto:monfardini@ldpgis.it" target="_blank">monfardini@ldpgis.it</a></div></div></div></div>
</div>