Authentication Methods
pgpool-II 3.7.5 Documentation | |||
---|---|---|---|
Prev | Up | Chapter 6. Client Authentication | Next |
The following subsections describe the authentication methods in more detail.
6.2.1. Trust Authentication
When trust authentication is specified, Pgpool-II assumes that anyone who can connect to the server is authorized to access connect with whatever database user name they specify.
6.2.2. MD5 Password Authentication
This authentication method is the password-based authentication methods in which MD-5-hashed password is sent by client. Since Pgpool-II does not has the visibility of PostgreSQL 's database user password and client application only sends the MD5-hash of the password, so md5 authentication in Pgpool-II is supported using the pool_passwd authentication file.
Note: If Pgpool-II is operated in raw mode or there's only 1 backend configured, you don't need to setup pool_passwd .
6.2.2.1. Authentication file format
This pool_passwd file should contain lines in the following format:
"username:encrypted_passwd"
6.2.2.2. Setting md5 Authentication
here are the steps to enable md5 authentication:
1- Login as the database's operating system user and type "pg_md5 --md5auth --username=username password" user name and md5 encrypted password are registered into pool_passwd. If pool_passwd does not exist yet, pg_md5 command will automatically create it for you.
Note: user name and password must be identical to those registered in PostgreSQL server.
2- Add an appropriate md5 entry to pool_hba.conf . See Section 6.1 for more details.
3- After changing md5 password (in both pool_passwd and PostgreSQL of course), reload the pgpool configurations.
6.2.3. PAM Authentication
This authentication method uses PAM (Pluggable Authentication Modules) as the authentication mechanism. The default PAM service name is pgpool . PAM authentication is supported using user information on the host where Pgpool-II is executed. For more information about PAM, please read the Linux-PAM Page .
To enable PAM authentication, you need to create a service-configuration file for Pgpool-II in the system's PAM configuration directory (which is usually at "/etc/pam.d" ). A sample service-configuration file is installed as "share/pgpool-II/pgpool.pam" under the install directory.
Note: To enable PAM support the Pgpool-II must be configured with "--with-pam"