[pgpool-hackers: 2981] Re: Pgpool-II 4.0 vs. pool_passwd
Jesper Pedersen
jesper.pedersen at redhat.com
Wed Aug 22 21:32:31 JST 2018
Hi,
On 08/21/2018 08:47 AM, Tatsuo Ishii wrote:
>> Yes, I have all 3 types defined in my pool_passwd, with
>>
>> enable_pool_hba = on
>> allow_clear_text_frontend_auth = off
>
> But since we allow clear text password in pool_passwd, we cannot judge
> whether this line is AES256 or clear text password,
>
> t-ishii:AESc7iO9vVbTxOaY+JSWTbPqA==
>
> we could interpret this either as a clear text entry with password
> string "AESc7iO9vVbTxOaY+JSWTbPqA==" or AES256 encrypted entry, no?
>
Correct.
>> and no passwords defined in pgpool.conf. The key is read from
>> ~/.pgpoolkey.
>
> I assume .pgpoolkey contains encrytion key for AES256.
>
Yes.
>>> Also I wonder we can safely mix up md5/AES256 formats in pool_passwd
>>> because I see corrpuption in pool_passwd if I update one of the
>>> password.
>>>
>>
>> That is
>>
>> https://www.pgpool.net/mantisbt/view.php?id=419
>>
>> which also exists on stable branches for a mix of plain text and MD5
>> passwords.
>
> In my understanding, pool_passwd does not allow clear text password on
> stable branches.
>
Ah, sorry - I assumed that, since it wasn't listed in the release notes.
Best regards,
Jesper
More information about the pgpool-hackers
mailing list