[pgpool-hackers: 2891] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II

Muhammad Usama m.usama at gmail.com
Wed Jul 25 20:47:49 JST 2018


On Wed, Jul 25, 2018 at 1:37 PM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:

> Hi Usama,
>
> >>> > *allow_clear_text_frontend_auth*, enabling this config allows the
> >>> Pgpool-II
> >>> > to use clear-text-password authentication with frontend clients when
> >>> > pool_passwd file does not contains the password for the connecting
> user,
> >>> > and use that password (provided by client) to authenticate with the
> >>> backend
> >>> > using MD5 and/or SCRAM authentication.
> >>> >
> >>> > Note: allow_clear_text_frontend_auth only works when pool_hba.conf
> is not
> >>> > enabled in pgpool.conf
>
> I found that if both allow_clear_text_frontend_auth and
> enable_pool_hba are on, then nobody can connect to pgpool.
>
> t-ishii at localhost: psql -p 11000 test
> psql: FATAL:  client authentication failed
> DETAIL:  missing or erroneous pool_hba.conf file
> HINT:  see pgpool log for details
>
> This is a disaster and I think It's better for pgpool to refuse
> starting. Or maybe we should ignore one of them (and start pgpool)
> What do you think?
>

You must have hit some bug. Its not intentional.

Did you provided the valid pool_hba.conf file for this test. I have ran a
quick test
with valid pool_hba.conf and allow_clear_text_frontend_auth=on and its
working

Can you please provide the steps to reproduce this issue.

Thanks
Best Regards
Muhammad Usama


> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20180725/e32b3676/attachment.html>


More information about the pgpool-hackers mailing list