[pgpool-general: 7461] Re: AWS Aurora / Postgres handling additional Database Users
Bo Peng
pengbo at sraoss.co.jp
Fri Mar 26 14:22:51 JST 2021
Hi,
On Thu, 25 Mar 2021 16:03:54 -0500
Eric Brawner <eric.brawner at exprealty.net> wrote:
> Hi all,
>
> I think I know the answer already (No). But want to make absolutely sure.
> It seems for Aurora we needed to use MD5 to hash the password for our
> Database User (User1). However, we have several other database users we'd
> also like to have connect via PGPool.
>
> Is there a configuration/way we can have these additional users pass-though
> authenticate to the Aurora Postgres instance? I think its no.
>
> If that is the case our only option is to also MD5 hash the additional
> user's passwords into PGPool such that we'd need to maintain
> their passwords in both Aurora & PGPool?
I think in this case if enable_pool_hba = off,
you can use "allow_clear_text_frontend_auth".
https://www.pgpool.net/docs/latest/en/html/runtime-config-connection.html#GUC-ALLOW-CLEAR-TEXT-FRONTEND-AUTH
If PostgreSQL backend servers require md5 or SCRAM authentication for some user's authentication,
but the password for that user is not present in the "pool_passwd" file,
then enabling allow_clear_text_frontend_auth will allow the Pgpool-II to
use clear-text-password authentication with frontend clients to get the
password in plain text form from the client and use it for backend authentication.
> Thanks in advance
>
> Eric
>
> --
> *Eric Brawner*
> Data Engineer / Business Intelligence
> *eXp Realty*
> Livingston, Tx (Central Time)
--
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS, Inc. Japan
More information about the pgpool-general
mailing list