[pgpool-general: 8687] password file format

Todd Stein todd.stein at microfocus.com
Wed Mar 29 23:52:03 JST 2023


Hi,
Will someone please correct or confirm my assumption of the SCRAM-SHA-256 password file format for $HOME/.pgpass and $HOME/.pcppass files?

I'm not sure if I should be using the password with the AES prefix outside of the pool_password file or not.  For example in the .pgpass and/or .pcppass files.

$ pg_enc -k ~/.pgpoolkey -u postgres -p
db password:
trying to read key from file /var/lib/pgsql/.pgpoolkey

P1+l8j3GaTxzSBgcY1laEQ==
pool_passwd string: AESP1+l8j3GaTxzSBgcY1laEQ==

My understanding (please correct me if I'm wrong), is that the pcp.conf file must use md5 encryption regardless of what your password_encryption in the DB is.  The pool_password file (when using scram-sha-256 encryption) requires the string it gets automatically (which includes the AES prefix) by the pg_enc command when providing the "-m" attribute.

However, I've not been able to find anything documented for the password files.  I'm pretty sure I've seen that if I were to use an encrypted password (scram-sha-256) in the pgpool.conf file, it must include the AES prefix.

In my testing I find that if the password in ~/.pgpass includes the AES prefix in the encrypted password, I get password authentication failed for user "postgres" when the system tries to start a replication slot.




Regards,

Todd Stein
OpsBridge Technical Success
OpenText
(Cell) +1 (941) 248-8752
tstein2 at opentext.com<mailto:tstein2 at opentext.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pgpool.net/pipermail/pgpool-general/attachments/20230329/9f32eaee/attachment.htm>


More information about the pgpool-general mailing list