<div><br></div><div dir="auto">Hi, the value what you said is disabled</div><div dir="auto"><br></div><div dir="auto"><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">2024년 11월 12일 (화) 13:16, Tatsuo Ishii <<a href="mailto:ishii@postgresql.org">ishii@postgresql.org</a>>님이 작성:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)">Hi,<br>
<br>
Please Cc: to the mailing list so that we can share the valuable<br>
information.<br>
<br>
> Hello, thank you for taking the time to test this. There is one difference<br>
> from my setup. While Mr. Tatsuo enabled pool_hba.conf and registered the<br>
> accounts there, my configuration has enable_pool_hba = off and uses<br>
> pool_passwd = 'pool_passwd' to manage accounts via pool_passwd. Could this<br>
> be an important difference? Thank you.<br>
<br>
Yes, that would make pgpool to take different code path for<br>
authentication.<br>
<br>
Also I want to know if you enable allow_clear_text_frontend_auth.<br>
<br>
Best reagards,<br>
--<br>
Tatsuo Ishii<br>
SRA OSS K.K.<br>
English: <a href="http://www.sraoss.co.jp/index_en/" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en/</a><br>
Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
<br>
> 2024년 11월 12일 (화) 10:46, Tatsuo Ishii <<a href="mailto:ishii@postgresql.org" target="_blank">ishii@postgresql.org</a>>님이 작성:<br>
> <br>
>> I have run a test but failed to reproduce your problem. Basically<br>
>> what I did was creating a test cluster using pgpool_setup. The<br>
>> configuration does not use watchdog but I don't think it makes any<br>
>> deference in terms of authentication. Here are more details about the<br>
>> test.<br>
>><br>
>> - create a user 'foo'<br>
>> - create password entry in pool_passwd using pg_enc command<br>
>> - enable_pool_hba = on<br>
>> - use scram-shar-256 auth<br>
>> in pool_hba.conf:<br>
>> local all foo scram-sha-256<br>
>> in pg_hba.conf:<br>
>> local all foo scram-sha-256<br>
>><br>
>> - Then run a script (see attached) which reads new password from<br>
>> terminal and change password on PostgreSQL, Change password on the<br>
>> pgpool side using pg_enc command.<br>
>><br>
>> - reload pgpool.conf<br>
>><br>
>> - try to connec to pgpool as user foo<br>
>><br>
>> Is there anything quite different from my test setting in your side?<br>
>><br>
>> Best reagards,<br>
>> --<br>
>> Tatsuo Ishii<br>
>> SRA OSS K.K.<br>
>> English: <a href="http://www.sraoss.co.jp/index_en/" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en/</a><br>
>> Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
>><br>
>> > Yes, I agree. I need to invest the code used by the child process on<br>
>> > the Pgpool-II side.<br>
>> ><br>
>> >> I feel the same way. However, I have a question. The fact that the<br>
>> first 10<br>
>> >> attempts all fail, and that the failure count gradually decreases, seems<br>
>> >> like it could be related to the child processes on the PGPOOL side.<br>
>> What do<br>
>> >> you think?<br>
>> >><br>
>> >><br>
>> >> 2024년 11월 11일 (월) 16:16, Tatsuo Ishii <<a href="mailto:ishii@postgresql.org" target="_blank">ishii@postgresql.org</a>>님이 작성:<br>
>> >><br>
>> >>> > Hello, I performed a reload using systemctl reload pgpool. (The<br>
>> reload<br>
>> >>> > command is as follows.) /usr/bin/pgpool -f /etc/pgpool-II/pgpool.conf<br>
>> >>> reload<br>
>> >>><br>
>> >>> Strange. That should have made each pgpool process re-open pool_passwd<br>
>> >>> (pgpool does not have cache of pool_passwd) and upon authentication<br>
>> >>> request pgpool should read the latest contents of pool_passwd. I'll<br>
>> >>> look into this more.<br>
>> >>><br>
>> >>> Best reagards,<br>
>> >>> --<br>
>> >>> Tatsuo Ishii<br>
>> >>> SRA OSS K.K.<br>
>> >>> English: <a href="http://www.sraoss.co.jp/index_en/" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en/</a><br>
>> >>> Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
>> >>><br>
>> >>> > 2024년 11월 11일 (월) 15:33, Tatsuo Ishii <<a href="mailto:ishii@postgresql.org" target="_blank">ishii@postgresql.org</a>>님이 작성:<br>
>> >>> ><br>
>> >>> >> > Hello, I have just subscribed to pgpool-general for the first time<br>
>> >>> >> today. I<br>
>> >>> >> > am writing this email with a question. Currently, I am using<br>
>> >>> PostgreSQL<br>
>> >>> >> > version 10.23-4 and PGPOOL-II version 4.2.10. There are three<br>
>> nodes in<br>
>> >>> >> the<br>
>> >>> >> > DB Replication Cluster, and each node is monitored by Watchdog.<br>
>> (The<br>
>> >>> >> actual<br>
>> >>> >> > operations run through the delegate IP of Watchdog.) Account<br>
>> >>> >> authentication<br>
>> >>> >> > is managed with pool_passwd. Here is my question: When I create a<br>
>> new<br>
>> >>> >> > account or change an existing account's password and update<br>
>> >>> pool_passwd,<br>
>> >>> >> I<br>
>> >>> >> > encounter an error related to password authentication failure.<br>
>> >>> >> > Interestingly, if I try 10 times initially, all 10 attempts fail.<br>
>> >>> Then,<br>
>> >>> >> > when I retry, about 7 attempts fail, then after retrying again,<br>
>> about<br>
>> >>> 5<br>
>> >>> >> > attempts fail. Eventually, it connects successfully after several<br>
>> >>> >> retries.<br>
>> >>> >> > Is there a chance that child processes are caching authentication<br>
>> >>> >> > information separately? How can I resolve this issue?<br>
>> >>> >><br>
>> >>> >> Have you executed "pgpool reload" or pcp_reload_config command after<br>
>> >>> >> changing pool_passwd?<br>
>> >>> >> --<br>
>> >>> >> Tatsuo Ishii<br>
>> >>> >> SRA OSS K.K.<br>
>> >>> >> English: <a href="http://www.sraoss.co.jp/index_en/" rel="noreferrer" target="_blank">http://www.sraoss.co.jp/index_en/</a><br>
>> >>> >> Japanese:<a href="http://www.sraoss.co.jp" rel="noreferrer" target="_blank">http://www.sraoss.co.jp</a><br>
>> >>> >><br>
>> >>><br>
>><br>
</blockquote></div></div>