[pgpool-general: 8898] Re: pgpool forwarding database users/passwords

Bo Peng pengbo at sraoss.co.jp
Wed Aug 2 11:45:25 JST 2023


Hi,

> How could I configure pgpool to "forward" username/password provided by
> client to postgresql? Is there a way to not use pool_passwd file?

You can avoid maintaining pool_passwd by setting "allow_clear_text_frontend_auth = on".
However, it is not recommended for production environments for security reasons.

If you don't want to maintain pool_passwd,
it is recommended to set "enable_pool_hba = on" and use hostssl and "password" method
in pool_hba.conf so that clients are enforced to use SSL encryption.

Please refer to the documentation for more details:
https://www.pgpool.net/docs/latest/en/html/auth-methods.html#AUTH-PASSWORD

On Tue, 1 Aug 2023 14:03:44 +0200
Tan Mientras <tanimientras at gmail.com> wrote:

> Hi
> 
> Newbie here dealing with a minimal 3-node pgpool cluster (using bitnami
> docker image).
> 
> On my first test after succesfully setting up the cluter, client complains
> with "pool_passwd file does not contain an entry for 'dbusername'"
> 
> After reading
> https://www.pgpool.net/docs/pgpool-II-4.4.3/en/html/client-authentication.html
> I'm still unable to understand if pgpool can forward the credentials to
> postgresql or if it always act as a "man in the middle" and uses their own
> credentials to query the db.
> 
> How could I configure pgpool to "forward" username/password provided by
> client to postgresql? Is there a way to not use pool_passwd file?
> 
> Thanks in advance
> Regards.


-- 
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS LLC
TEL: 03-5979-2701 FAX: 03-5979-2702
URL: https://www.sraoss.co.jp/



More information about the pgpool-general mailing list