Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tVmpZ-00BR0s-6z for pgsql-general@arkaria.postgresql.org; Thu, 09 Jan 2025 07:19:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tVmpY-00DvyE-Cd for pgsql-general@arkaria.postgresql.org; Thu, 09 Jan 2025 07:19:48 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tVmpY-00Dvy4-0S for pgsql-general@lists.postgresql.org; Thu, 09 Jan 2025 07:19:47 +0000 Received: from meldrar.postgresql.org ([2a02:c0:301:0:ffff::31]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1tVmpU-000gtN-1y for pgsql-general@lists.postgresql.org; Thu, 09 Jan 2025 07:19:47 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=postgresql.org; s=20171124; h=Content-Transfer-Encoding:Content-Type: Mime-Version:References:In-Reply-To:From:Subject:Cc:To:Message-Id:Date:Sender :Reply-To:Content-ID:Content-Description; bh=0qLbf392OsAefEM9LMjxIJZTQAbtebJx+gD9jbvWpr4=; b=wqEZS1/zZWZkbwbzkKBTaP++v8 V/0oPV0aM/LL4d3GsBP2mK0KVnVpBiET+FKLUzDQ0XjJweDeEQjQ1fuuDHdXDle+y0Z4HrGUBTxbW ZryUuM493h5QHWKans4PBbBdyNHtAiM6ZwTIJMflOgg2JlH9sjvFNy7316HnqD11ouhTkHnsrLbCq 4O+SwPzsrZeTum3fSz6FNi++xSBh/WjgYiVVVye7OJuY9RQNAWwB7VXcD/X3aUHktHAEC9FbA4PBi ARxRjxeHFdskMPLJhxZvrYfMGmqe9iSzoFjDq5Onc4sIr0k6R6KYiz/KAKlVdERQnXJZwn5UHmSdD aRlJLiwg==; Received: from [2409:11:4120:300:caa4:8496:6c90:c0c7] (helo=localhost) by meldrar.postgresql.org with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Exim 4.94.2) (envelope-from ) id 1tVmpQ-001nXR-Bv; Thu, 09 Jan 2025 07:19:44 +0000 Date: Thu, 09 Jan 2025 16:19:32 +0900 (JST) Message-Id: <20250109.161932.1651956031953165183.ishii@postgresql.org> To: vijay.postgres@gmail.com Cc: david.g.johnston@gmail.com, pgpool-general@pgpool.net, pgsql-general@lists.postgresql.org Subject: Re: Issue with Password Authentication for Pgpool From: Tatsuo Ishii In-Reply-To: References: X-Mailer: Mew version 6.8 on Emacs 26.3 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Host-Lookup-Failed: Reverse DNS lookup failed for 2409:11:4120:300:caa4:8496:6c90:c0c7 (failed) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > Thanks David, > > I tested the configuration by setting allow_clear_text_frontend_auth = on > and disabling the pool_hba. I made the corresponding entry in the > pg_hba.conf file. However, while connecting through the database port > (5432), it prompts for the password, but when connecting through Pgpool > (port 9999), it does not ask for a password. > > Here is the content of pg_hba.conf: > > bash > Copy code > # TYPE DATABASE USER ADDRESS > METHOD# "local" is for Unix domain socket connections onlylocal all > all trust# IPv4 local > connections: > host all all 127.0.0.1/32 trust# > IPv6 local connections: > host all all ::1/128 trust# > Allow replication connections from localhost, by a user with the# > replication privilege.local replication all > trust > host replication all 127.0.0.1/32 trust > host replication all ::1/128 trust > host repmgr repmgr 127.0.0.1/32 trust > host repmgr repmgr 10.125.0.90/32 trust > # Primary > host replication repmgr 10.125.0.90/32 trust > host repmgr repmgr 10.125.0.91/32 trust > # Standby > host replication repmgr 10.125.0.91/32 trust > host all all 10.125.0.90/32 trust # Node 1 > host all all 10.125.0.91/32 trust > # Node 2#host all all 0.0.0.0/26 trust > host all all 10.125.0.79/32 scram-sha-256 > host all all 0.0.0.0/0 scram-sha-256 > > When I connect via the database port (5432), it prompts for the password as > expected: > > [postgres@scrbtrheldbaas002 ~]$ psql -h 10.125.0.79 -U vkp -d postgres -p 5432 > Password for user vkp: > psql (15.3) > Type "help" for help. > > postgres=> > postgres=> > postgres=> exit > > However, when connecting through Pgpool (port 9999), it does not prompt for > the password: > > [postgres@scrbtrheldbaas002 ~]$ psql -h 10.125.0.79 -U vkp -d postgres -p 9999 > psql (15.3) > Type "help" for help. > > postgres=> > > This behavior might be related to how Pgpool handles authentication. Let me > know if you need further investigation or configuration changes! I guess pgpool is running on IP which is accepted by PostgreSQL using trust auth method, which does not ask a password. Probably you set backend_hostname to 'localhost'? Then it matches with the line in pg_hba.conf: host all all 127.0.0.1/32 trust or host all all ::1/128 trust in which a password is never asked (or maybe other entries whose auth method is trust). Best reagards, -- Tatsuo Ishii SRA OSS K.K. English: http://www.sraoss.co.jp/index_en/ Japanese:http://www.sraoss.co.jp