[pgpool-general: 8900] Re: pgpool forwarding database users/passwords
Bo Peng
pengbo at sraoss.co.jp
Wed Aug 2 17:12:16 JST 2023
Hi,
Did you enable "enable_pool_hba" in pgpool.conf?
enable_pool_hba = on
On Wed, 2 Aug 2023 08:39:15 +0200
Tan Mientras <tanimientras at gmail.com> wrote:
> Using
>
> host all all 192.162.122.0/24 password
>
> on my pool_hba.conf doesnt work as expected and still complains in logs for
> pool_password file not containing dbusername.
>
> On Wed, Aug 2, 2023 at 4:45 AM Bo Peng <pengbo at sraoss.co.jp> wrote:
>
> > Hi,
> >
> > > How could I configure pgpool to "forward" username/password provided by
> > > client to postgresql? Is there a way to not use pool_passwd file?
> >
> > You can avoid maintaining pool_passwd by setting
> > "allow_clear_text_frontend_auth = on".
> > However, it is not recommended for production environments for security
> > reasons.
> >
> > If you don't want to maintain pool_passwd,
> > it is recommended to set "enable_pool_hba = on" and use hostssl and
> > "password" method
> > in pool_hba.conf so that clients are enforced to use SSL encryption.
> >
> > Please refer to the documentation for more details:
> > https://www.pgpool.net/docs/latest/en/html/auth-methods.html#AUTH-PASSWORD
> >
> > On Tue, 1 Aug 2023 14:03:44 +0200
> > Tan Mientras <tanimientras at gmail.com> wrote:
> >
> > > Hi
> > >
> > > Newbie here dealing with a minimal 3-node pgpool cluster (using bitnami
> > > docker image).
> > >
> > > On my first test after succesfully setting up the cluter, client
> > complains
> > > with "pool_passwd file does not contain an entry for 'dbusername'"
> > >
> > > After reading
> > >
> > https://www.pgpool.net/docs/pgpool-II-4.4.3/en/html/client-authentication.html
> > > I'm still unable to understand if pgpool can forward the credentials to
> > > postgresql or if it always act as a "man in the middle" and uses their
> > own
> > > credentials to query the db.
> > >
> > > How could I configure pgpool to "forward" username/password provided by
> > > client to postgresql? Is there a way to not use pool_passwd file?
> > >
> > > Thanks in advance
> > > Regards.
> >
> >
> > --
> > Bo Peng <pengbo at sraoss.co.jp>
> > SRA OSS LLC
> > TEL: 03-5979-2701 FAX: 03-5979-2702
> > URL: https://www.sraoss.co.jp/
> >
--
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS LLC
TEL: 03-5979-2701 FAX: 03-5979-2702
URL: https://www.sraoss.co.jp/
More information about the pgpool-general
mailing list