[pgpool-general: 8900] Re: pgpool forwarding database users/passwords

Bo Peng pengbo at sraoss.co.jp
Wed Aug 2 17:12:16 JST 2023


Hi,

Did you enable "enable_pool_hba" in pgpool.conf?

  enable_pool_hba = on 

On Wed, 2 Aug 2023 08:39:15 +0200
Tan Mientras <tanimientras at gmail.com> wrote:

> Using
> 
> host all all 192.162.122.0/24 password
> 
> on my pool_hba.conf doesnt work as expected and still complains in logs for
> pool_password file not containing dbusername.
> 
> On Wed, Aug 2, 2023 at 4:45 AM Bo Peng <pengbo at sraoss.co.jp> wrote:
> 
> > Hi,
> >
> > > How could I configure pgpool to "forward" username/password provided by
> > > client to postgresql? Is there a way to not use pool_passwd file?
> >
> > You can avoid maintaining pool_passwd by setting
> > "allow_clear_text_frontend_auth = on".
> > However, it is not recommended for production environments for security
> > reasons.
> >
> > If you don't want to maintain pool_passwd,
> > it is recommended to set "enable_pool_hba = on" and use hostssl and
> > "password" method
> > in pool_hba.conf so that clients are enforced to use SSL encryption.
> >
> > Please refer to the documentation for more details:
> > https://www.pgpool.net/docs/latest/en/html/auth-methods.html#AUTH-PASSWORD
> >
> > On Tue, 1 Aug 2023 14:03:44 +0200
> > Tan Mientras <tanimientras at gmail.com> wrote:
> >
> > > Hi
> > >
> > > Newbie here dealing with a minimal 3-node pgpool cluster (using bitnami
> > > docker image).
> > >
> > > On my first test after succesfully setting up the cluter, client
> > complains
> > > with "pool_passwd file does not contain an entry for 'dbusername'"
> > >
> > > After reading
> > >
> > https://www.pgpool.net/docs/pgpool-II-4.4.3/en/html/client-authentication.html
> > > I'm still unable to understand if pgpool can forward the credentials to
> > > postgresql or if it always act as a "man in the middle" and uses their
> > own
> > > credentials to query the db.
> > >
> > > How could I configure pgpool to "forward" username/password provided by
> > > client to postgresql? Is there a way to not use pool_passwd file?
> > >
> > > Thanks in advance
> > > Regards.
> >
> >
> > --
> > Bo Peng <pengbo at sraoss.co.jp>
> > SRA OSS LLC
> > TEL: 03-5979-2701 FAX: 03-5979-2702
> > URL: https://www.sraoss.co.jp/
> >


-- 
Bo Peng <pengbo at sraoss.co.jp>
SRA OSS LLC
TEL: 03-5979-2701 FAX: 03-5979-2702
URL: https://www.sraoss.co.jp/



More information about the pgpool-general mailing list