[pgpool-hackers: 2888] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II
Tatsuo Ishii
ishii at sraoss.co.jp
Wed Jul 25 17:37:54 JST 2018
Hi Usama,
>>> > *allow_clear_text_frontend_auth*, enabling this config allows the
>>> Pgpool-II
>>> > to use clear-text-password authentication with frontend clients when
>>> > pool_passwd file does not contains the password for the connecting user,
>>> > and use that password (provided by client) to authenticate with the
>>> backend
>>> > using MD5 and/or SCRAM authentication.
>>> >
>>> > Note: allow_clear_text_frontend_auth only works when pool_hba.conf is not
>>> > enabled in pgpool.conf
I found that if both allow_clear_text_frontend_auth and
enable_pool_hba are on, then nobody can connect to pgpool.
t-ishii at localhost: psql -p 11000 test
psql: FATAL: client authentication failed
DETAIL: missing or erroneous pool_hba.conf file
HINT: see pgpool log for details
This is a disaster and I think It's better for pgpool to refuse
starting. Or maybe we should ignore one of them (and start pgpool)
What do you think?
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
More information about the pgpool-hackers
mailing list