[pgpool-general: 4765] Re: pool_passwd file and MD5 authentication

Tatsuo Ishii ishii at postgresql.org
Wed Jul 6 07:43:45 JST 2016


> Hey folks,
> 
> Regarding pgpool 3.4.3 and MD5 authentication support.  Does the
> pool_passwd file for pgpool need to contain the userid and MD5 hash
> key for all login users in the PostgreSQL database?

Yes.

> I was expecting
> that MD5 authentication could be done directly between the client
> and the PostgreSQL server, with pgpool just passing the
> authentication messages along.

No, it's not possible because of the nature of MD5 authentication. If
the client does that, it needs to create hashed md5 response using
different salts sent from each PostgreSQL, which is impossible.

See following FAQ entry for more details on how md5 auth works with pgpool-II.
http://pgpool.net/mediawiki/index.php/FAQ#How_does_pgpool-II_handle_md5_authentication.3F

>  I take it that this is not an option
> for pgpool, correct?  So for password updates, it looks like I will
> need a script that will change both the pool_passwd file and the
> PostgreSQL database in order for the password to be properly
> updated.
> 
> Also, I haven't moved our code base to pgpool 3.5 yet.  Does pgpool 3.5 handle MD5 authentication the same way?

Yes.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp


More information about the pgpool-general mailing list