[pgpool-general: 345] Re: No password required?

Tatsuo Ishii ishii at postgresql.org
Wed Apr 4 21:37:03 JST 2012 

> On 4/3/12 10:36 AM, Tatsuo Ishii wrote:
>> Did you set pg_hba.conf?
>> Also please take a look at:
>> http://www.pgpool.net/mediawiki/index.php/FAQ
> 
> I have the same records in pool_hba.conf (on pgpool front-ends) and
> pg_hba.conf (on PostgreSQL back-ends) - like:
> 
> host  db1    db1       192.168.0.20/32      md5
> 
> 192.168.0.20 is client IP.
> 
> Of course on postgresql backends I am using recods:
> 
> host    all        all       192.168.0.10/32        trust
> host    all        all       192.168.0.11/32        trust
> 
> (192.168.0.10 and 192.168.0.11 are pgpool servers). In case that I am
> using md5 authentication for pgpool servers, I am just able check
> health status (health_check_user, health_check_password), but not
> connect to the DB. I definitely missed something.

As stated in the FAQ, if your pg_hba.conf uses trust, you will not be
asked password.

To know the cause of the failure when you enable md5 in pg_hba.conf,
you need to provide more detailed info: namely log of PostgreSQL and
pgpool(with -d enabled is better).
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> Best Regards
> 
> Lumir Jasiok
>> --
>> Tatsuo Ishii
>> SRA OSS, Inc. Japan
>> English: http://www.sraoss.co.jp/index_en.php
>> Japanese: http://www.sraoss.co.jp
>>
>>> I have got configured pgpool2 (3.1.1-1) with "enable_pool_hba = on" in
>>> pgpool.conf. I also have got a user:password record in pool_passwd and
>>> host records in pool_hba.conf:
>>>
>>> host<database>  <user_name>  <IPv4>/32      md5
>>>
>>> Problem is, that I am able to connect from<IPv4>  client address
>>> allowed in pool_hba.conf WITHOUT password:
>>>
>>>   psql -h<pgpool_host>  -U<database>  <user_name>
>>>
>>> What's wrong? What I am doing wrong? It's security problem, because
>>> anybody from<IPv4>  can connect to ANY database that is allowed for
>>> particular IP.
>>>
>>> Best Regards
>>>
>>> Lumir Jasiok
>>>
>>> -- 
>>>   Lumír Jasiok
>>>
>>> _______________________________________________
>>> pgpool-general mailing list
>>> pgpool-general at pgpool.net
>>> http://www.pgpool.net/mailman/listinfo/pgpool-general
> 
> 
> -- 
>  Lumír Jasiok
>  VSB-TU Ostrava - Computer centre
>  Tel: +420 59 732 3189
>  E-mail: lumir.jasiok at vsb.cz
>  http://www.vsb.cz
>

More information about the pgpool-general mailing list