[pgpool-general: 7940] Re: Pgpool docker image md5 authentification issue
Bo Peng
pengbo at sraoss.co.jp
Thu Dec 16 17:05:11 JST 2021
Hello,
> Our Pgpool runs on Kubernetes and we use it most often as a load balancer.
> When the PostgreSQL connection was trusted without requiring a password,
> everything was fine.
>
> Now we decided to connect to PG with password in md5 mode and got a
> problem with Pgpool. We receive messages like this:
> "ERROR: Could not authenticate with backend using md5"
> "Detail: no valid password found"
>
> Pgpool fails user authentication while we add an entry to the
> pool_passwd file with md5 username and password.
> This pool_passwd file contains only one user and password entry, which I
> specify in the POSTGRES_USERNAME and POSTGRES_PASSWORD env variables.
> Pgpool runs in docker image pgpool/pgpool:4.2.2 in k8s.
>
> Can anyone answer two questions, at least one:
>
> 1. Are there any parameters or env variables in this docker image to enter
> more than one user entry into the pool_passwd file in the docker image?

You can specify the env variables like below:

    TESTUSER1_USERNAME: test1
    TESTUSER1_PASSWORD: password
    TESTUSER2_USERNAME: test2
    TESTUSER2_PASSWORD: password

Then pool_passwd will be created like:

    test1:"md5hashedpassword"
    test2:"md5hashedpassword"

TESTUSER1 or TESTUSER2 ... can be any string.

> 2. Is it possible to pass md5 authentication directly to PostgreSQL
> without checking the password on Pgpool?
You can specify "password" auth between client and Pgpool in pool_hba.conf.
If you use "password" auth, the "user:password" entry is not mandatory in pool_passwd,
and you can specify any authentication methods (e.g. md5, scram-sha-256) in PostgreSQL.
I strongly recommend that you use ssl communication,
when you use "password" auth between client and Pgpool.
If you are using the config map of this repo "https://github.com/pgpool/pgpool2_on_k8s",
you can modify pgpool-configmap.yaml like:

    data:
      pgpool.conf: |-
        ...
        ssl = on
        enable_pool_hba = on
      pool_hba.conf: |-
        hostssl all all 0.0.0.0/0 password

> Help, please, the problem is very critical for us.
>
> We will be very grateful for any help or in the direction of where to
> move in deciding.
>
> Thanks in advance.
>
>
> --
> Regards,
> Nikolay
--
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan
http://www.sraoss.co.jp/
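
Added example, not part of the original message and not the Docker image's own code: it builds pool_passwd lines from <PREFIX>_USERNAME / <PREFIX>_PASSWORD pairs as described above, using PostgreSQL's md5 format ("md5" followed by md5(password + username)), so an existing pool_passwd line can be checked when Pgpool reports "no valid password found". The function names and the sample environment are constructed for illustration.

```python
import hashlib
import re


def md5_entry(username: str, password: str) -> str:
    """Return 'user:md5<hex>' where <hex> = md5(password || username)."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return f"{username}:md5{digest}"


def pool_passwd_from_env(env: dict) -> list:
    """Pair every <PREFIX>_USERNAME with <PREFIX>_PASSWORD; PREFIX is arbitrary."""
    entries, seen = [], set()
    for key in sorted(env):
        m = re.fullmatch(r"(.+)_USERNAME", key)
        if not m:
            continue
        user = env[key]
        password = env.get(f"{m.group(1)}_PASSWORD")
        if password is None:
            raise ValueError(f"{key} has no matching {m.group(1)}_PASSWORD")
        if ":" in user or user in seen:
            # ':' is the field separator; a duplicate user would be ambiguous
            raise ValueError(f"unusable or duplicate user name: {user!r}")
        seen.add(user)
        entries.append(md5_entry(user, password))
    return entries


def entry_matches(line: str, username: str, password: str) -> bool:
    """True if a pool_passwd line is the md5 entry for this user and password."""
    return line.strip() == md5_entry(username, password)


# Constructed sample environment, mirroring the variables in the reply above.
SAMPLE_ENV = {
    "TESTUSER1_USERNAME": "test1",
    "TESTUSER1_PASSWORD": "password",
    "TESTUSER2_USERNAME": "test2",
    "TESTUSER2_PASSWORD": "password",
    "PGPOOL_PORT": "9999",  # unrelated variable, ignored
}

if __name__ == "__main__":
    for line in pool_passwd_from_env(SAMPLE_ENV):
        print(line)
```

Because the user name is mixed into the hash, two users with the same password get different entries, and an entry copied to another user name will not authenticate.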