[pgpool-general: 7923] Re: Problem using password authentication
Wolf Schwurack
wolf at uen.org
Thu Dec 9 01:48:58 JST 2021
Not sure why anyone would want to use clear text password but that is your deal. If you look at the link below it show the auth-method to use
https://www.pgpool.net/docs/42/en/html/auth-pool-hba-conf.html
Wolf
From: Jon SCHEWE <jon.schewe at raytheon.com>
Date: Wednesday, December 8, 2021 at 9:39 AM
To: Wolfgang Schwurack <wolf at uen.org>, Bo Peng <pengbo at sraoss.co.jp>
Cc: "pgpool-general at pgpool.net" <pgpool-general at pgpool.net>
Subject: Re: [pgpool-general: 7920] Re: Problem using password authentication
I'm using "password" authentication. As in the password is sent as clear text (inside SSL) to pgpool and then on to postgres. This is a valid option instead of "trust", "md5", etc. And it is working from the same network, just not from other networks.
Jon Schewe
Principal Software Systems Technologist
C: +1 612.263.2718
O: +1 952.545.5720
jon.schewe at raytheon.com
Raytheon Technologies
Raytheon Intelligence & Space
5775 Wayzata Blvd. Suite 630
St. Louis Park, MN 55416
RTX.com<https://www.rtx.com/> | LinkedIn<https://www.linkedin.com/company/raytheontechnologies> | Twitter<https://twitter.com/raytheontech> | Instagram<https://www.instagram.com/raytheontechnologies>
________________________________
From: Wolf Schwurack <wolf at uen.org>
Sent: Wednesday, December 8, 2021 09:34
To: Jon SCHEWE <jon.schewe at raytheon.com>; Bo Peng <pengbo at sraoss.co.jp>
Cc: pgpool-general at pgpool.net <pgpool-general at pgpool.net>
Subject: [External] Re: [pgpool-general: 7920] Re: Problem using password authentication
First of all you don't put the password in pool_hba.conf this should 'trust, md5 etc. Password are encrypted in pool_passwd. If you read the documents it going over all of this
Wolf
On 12/8/21, 8:24 AM, "pgpool-general on behalf of Jon SCHEWE" <pgpool-general-bounces at pgpool.net on behalf of jon.schewe at raytheon.com> wrote:
> > I'm using password authentication over SSL. This works fine with connections from the same network, but doesn't work with connections from another network. Can anyone explain why this isn't working?
> >
> > in pgpool.conf:
> > enable_pool_hba = on
> > pool_passwd = ''
> >
> >
> > in pool_hba.conf:
> > # "local" is for Unix domain socket connections only
> > local all all trust
> > # IPv4 local connections:
> > host all all 127.0.0.1/32 trust
> > host all all ::1/128 trust
> >
> > hostssl all all 0.0.0.0/0 password
> >
> > log output:
> > Dec 7 16:20:59 psql-01 pgpool[1085857]: 2021-12-07 16:20:59: pid 1102488: WARNING: unable to get password, password file descriptor is NULL
> > Dec 7 16:20:59 psql-01 pgpool[1085857]: 2021-12-07 16:20:59: pid 1102488: FATAL: client authentication failed
> > Dec 7 16:20:59 psql-01 pgpool[1085857]: 2021-12-07 16:20:59: pid 1102488: DETAIL: no pool_hba.conf entry for host "XXX.XXX.XXX.XXX", user "", database "", SSL off
>
> I am wondering why the "user" and "database" are blank.
> Can you connect to PostgreSQL from another network?
Our firewall limits access to PostgreSQL from other networks to prevent applications from connecting to the individual instances rather than pgpool.
My pg_hba.conf for PostgreSQL limits connections to the pgpool hosts. In this case the pgpool virtual IP is 192.1.213.40 and the 3 hosts are allowed to connect to PostgreSQL directly.
hostssl all all 192.1.213.41/32 password
hostssl all all 192.1.213.42/32 password
hostssl all all 192.1.213.43/32 password
_______________________________________________
pgpool-general mailing list
pgpool-general at pgpool.net
http://www.pgpool.net/mailman/listinfo/pgpool-general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pgpool.net/pipermail/pgpool-general/attachments/20211208/70389d50/attachment.htm>
More information about the pgpool-general
mailing list