[pgpool-general: 8690] Re: password file format
Ron
ronljohnsonjr at gmail.com
Thu Mar 30 00:59:45 JST 2023
Can you connect to "the database" from port 9999?
psql --host=blarge.example.com --username=postgres --port=9999
On 3/29/23 10:35, Todd Stein wrote:
>
> Hi Ron,
>
> Thanks for your response.
>
> I should have not included the reference to pcp.conf and pool_passwd
> files. These are well documented, and made my question unclear.
>
> *This one statement is the one I need help with:*
>
> /“In my testing I find that if the password in ~/.pgpass includes the AES
> prefix in the encrypted password, I get password authentication failed for
> user “postgres” when the system tries to start a replication slot.”/
>
> *More detail:*
>
> Here are a few lines from the postgresql-Wed.log file. This entry
> corresponds to a pcp_recovery_node command:
>
> 2023-03-29 11:20:27.378 EDT [660839] STATEMENT: START_REPLICATION SLOT
> "pg_basebackup_660839" 3/7000000 TIMELINE 76
>
> 2023-03-29 11:20:30.860 EDT [660848] FATAL: password authentication
> failed for user "postgres"
>
> 2023-03-29 11:20:30.860 EDT [660848] DETAIL: Connection matched
> pg_hba.conf line 108: "host all postgres 0.0.0.0/0
> scram-sha-256"
>
> During the pcp_recovery_node process the system attempts to create a
> replication slot, and fails… I’m trying to figure out why.
>
> Regards,
>
> *Todd Stein*
>
> *From:*pgpool-general <pgpool-general-bounces at pgpool.net> *On Behalf Of *Ron
> *Sent:* Wednesday, March 29, 2023 11:18 AM
> *To:* pgpool-general at pgpool.net
> *Subject:* [pgpool-general: 8688] Re: password file format
>
> On 3/29/23 09:52, Todd Stein wrote:
>
> Hi,
>
> Will someone please correct or confirm my assumption of the
> SCRAM-SHA-256 password file format for $HOME/.pgpass and
> $HOME/.pcppass files?
>
> I’m not sure if I should be using the password with the AES prefix
> outside of the pool_password file or not. For example in the .pgpass
> and/or .pcppass files.
>
> $ pg_enc -k ~/.pgpoolkey -u postgres -p
>
> db password:
>
> trying to read key from file /var/lib/pgsql/.pgpoolkey
>
> *P1+l8j3GaTxzSBgcY1laEQ==*
>
> pool_passwd string: *AESP1+l8j3GaTxzSBgcY1laEQ==*
>
> My understanding (please correct me if I’m wrong), is that the
> pcp.conf file must use md5 encryption regardless of what your
> password_encryption in the DB is.
>
>
> pcp is for managing PgPool.
>
>
> The pool_password file (when using scram-sha-256 encryption) requires
> the string it gets automatically (which includes the AES prefix) by
> the pg_enc command when providing the “-m” attribute.
>
>
> pool_passwd is for accessing Postgresql databases. Their "user lists" are
> completely separate. You can, for example, have user "blarge" in pcp.conf
> but not in pool_passwd (and by extension be a Postgresql role).
>
> However, I’ve not been able to find anything documented for the
> password files.
>
>
> What do you mean? https://www.pgpool.net/docs/43/en/html/auth-methods.html
> describes pool_passwd, and describes how to create MD5 and SHA256 hashes.
>
>
> I’m pretty sure I’ve seen that if I were to use an encrypted
> password (scram-sha-256) in the pgpool.conf file, it must include the
> AES prefix.
>
>
> pg_enc does that for you.
>
>
> In my testing I find that if the password in ~/.pgpass includes the
> AES prefix in the encrypted password, I get password authentication
> failed for user “postgres” when the system tries to start a
> replication slot.
>
>
> That needs more detail.
>
> --
> Born in Arizona, moved to Babylonia.
>
--
Born in Arizona, moved to Babylonia.
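
Added example, not part of the original message and not Pgpool-II code: a small Python check for the situation discussed in the thread, flagging ~/.pgpass entries whose password field has the shape of a pool_passwd value. It assumes the standard libpq layout hostname:port:database:username:password, where libpq uses the fifth field verbatim as the password; the sample file content, port 5432 and the AES string are constructed.

```python
import re

# Constructed sample ~/.pgpass content; the AES string and passwords are made up.
SAMPLE_PGPASS = """\
# hostname:port:database:username:password
blarge.example.com:9999:*:postgres:AESQ09OU1RSVUNURURWQUxVRQ==
blarge.example.com:5432:replication:postgres:s3cret\\:with\\:colons
short:line
"""

# Value shapes that belong in pool_passwd or pg_authid, not in a libpq password file.
SUSPECT = [
    ("AES-encrypted pool_passwd value", re.compile(r"^AES[A-Za-z0-9+/]+={0,2}$")),
    ("md5 hash", re.compile(r"^md5[0-9a-f]{32}$")),
    ("SCRAM verifier", re.compile(r"^SCRAM-SHA-256\$")),
]

def split_fields(line):
    """Split on ':'; a backslash escapes the next character (libpq's rule)."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, "\\"))  # escaped character is taken literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def lint_pgpass(text):
    """Return (line_no, username, finding) for every questionable entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_fields(line)
        if len(fields) != 5:
            findings.append((no, None, "expected 5 fields, got %d" % len(fields)))
            continue
        for label, rx in SUSPECT:
            if rx.search(fields[4]):
                findings.append((no, fields[3], label))
    return findings

if __name__ == "__main__":
    print(lint_pgpass(SAMPLE_PGPASS))
```

A hit is a hint to check the entry, not proof of a mistake, since a plaintext password may itself begin with "AES" or "md5".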