[pgpool-hackers: 2978] Re: Pgpool-II 4.0 vs. pool_passwd

Tatsuo Ishii ishii at sraoss.co.jp
Tue Aug 21 21:47:15 JST 2018


> Hi,
> 
> On 08/21/2018 04:07 AM, Tatsuo Ishii wrote:
>> What are the password formats allowed in pool_passwd?
>> I know at least several formats:
>> 1) md5
>> t-ishii:md5ce4cf1572c8167c097638820177cbc05
>> 2) AES256
>> t-ishii:AESc7iO9vVbTxOaY+JSWTbPqA==
>> But what about clear text password? Do you suppose it is allowed in
>> pool_passwd?
>>
> 
> Yes, I have all 3 types defined in my pool_passwd, with
> 
>  enable_pool_hba = on
>  allow_clear_text_frontend_auth = off

But since we allow clear text password in pool_passwd, we cannot judge
whether this line is AES256 or clear text password,

t-ishii:AESc7iO9vVbTxOaY+JSWTbPqA==

we could interpret this either as a clear text entry with password
string "AESc7iO9vVbTxOaY+JSWTbPqA==" or AES256 encrypted entry, no?

> and no passwords defined in pgpool.conf. The key is read from
> ~/.pgpoolkey.

I assume .pgpoolkey contains encrytion key for AES256.

>> Also I wonder we can safely mix up md5/AES256 formats in pool_passwd
>> because I see corrpuption in pool_passwd if I update one of the
>> password.
>>
> 
> That is
> 
>  https://www.pgpool.net/mantisbt/view.php?id=419
> 
> which also exists on stable branches for a mix of plain text and MD5
> passwords.

In my understanding, pool_passwd does not allow clear text password on
stable branches.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp


More information about the pgpool-hackers mailing list