<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Wed, Jul 25, 2018 at 1:37 PM Tatsuo Ishii <<a href="mailto:ishii@sraoss.co.jp">ishii@sraoss.co.jp</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Usama,<br>
<br>
>>> > *allow_clear_text_frontend_auth*, enabling this config allows the<br>
>>> Pgpool-II<br>
>>> > to use clear-text-password authentication with frontend clients when<br>
>>> > pool_passwd file does not contains the password for the connecting user,<br>
>>> > and use that password (provided by client) to authenticate with the<br>
>>> backend<br>
>>> > using MD5 and/or SCRAM authentication.<br>
>>> ><br>
>>> > Note: allow_clear_text_frontend_auth only works when pool_hba.conf is not<br>
>>> > enabled in pgpool.conf<br>
<br>
I found that if both allow_clear_text_frontend_auth and<br>
enable_pool_hba are on, then nobody can connect to pgpool.<br>
<br>
t-ishii@localhost: psql -p 11000 test<br>
psql: FATAL: client authentication failed<br>
DETAIL: missing or erroneous pool_hba.conf file<br>
HINT: see pgpool log for details<br>
<br>
This is a disaster and I think It's better for pgpool to refuse<br>
starting. Or maybe we should ignore one of them (and start pgpool)<br>
What do you think?<br></blockquote><div><br></div><div>You must have hit some bug. Its not intentional.</div><div><br></div><div>Did you provided the valid pool_hba.conf file for this test. I have ran a quick test</div><div>with valid pool_hba.conf and <span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">allow_clear_text_frontend_auth=on and its working</span></div><div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Can you please provide the steps to reproduce this issue. </span></div><div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Thanks</span></div><div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Best Regards</span></div><div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">Muhammad Usama</span></div><div><span style="font-size:small;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Best regards,<br>
--<br>
Tatsuo Ishii<br>
SRA OSS, Inc. Japan<br>
English: <a href="http://www.sraoss.co.jp/index_en.php" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en.php</a><br>
Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
</blockquote></div></div>