Apologies if this duplicates a previous message, but it looks like the previous one hasn't made it out (since I only subscribed recently):
This is probably a newbie question, but how does one configure pgpool for reasonably secure authentication in replication mode?

My use case is one (not terribly) big database that I want to replicate to a warm standby. Everything works OK with replication_mode = false, regardless of which backend is configured. With replication_mode = true, I get an error, "pool_do_auth: backend does not return authenticaton ok". IIUC, this is because the md5 protocol asks the server to supply a salt to the client and the 2 hosts don't come up with the same random number.

I can fix this by using "trust" or "password" authentication, but these seem undesirable for our application, since the first doesn't protect the database at all, and the second is highly vulnerable to packet sniffers, etc. Theoretically, all our traffic is inside the firewall, but that's not as reassuring as I'd wish.

I had (to the extent I'd thought about it) assumed pgpool would accept an authentication from its client and make a separate authenticated connection to each backend, but I don't see how to configure it to do that.

Does pgpool support a more secure form of authentication? Is there a more secure configuration to allow use of these "insecure" protocols within a narrow enough scope that these vulnerabilities are protected?

Thanks!

Walter

PS. I'm using pgpool version 2.0.1(heemauli) on Red Hat Enterprise Linux Server release 5.3
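The salt mismatch described in the message above, as an added example that is not part of the original post and is not pgpool code: it models PostgreSQL's md5 challenge-response and shows that one client reply, computed for one backend's salt, cannot satisfy a second backend that chose a different salt. The `Backend` class, the helper names, the user, the password and the salts are all constructed for illustration.

```python
import hashlib
import os

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def inner_hash(user: str, password: str) -> str:
    # md5(password + username): the hex digits PostgreSQL stores after "md5"
    return md5_hex(password.encode() + user.encode())

def md5_response(inner: str, salt: bytes) -> str:
    # Reply to an md5 challenge: "md5" + md5(inner_hash + 4-byte salt)
    return "md5" + md5_hex(inner.encode() + salt)

class Backend:
    """Hypothetical stand-in for one PostgreSQL backend doing md5 auth."""
    def __init__(self, user, password, salt=None):
        self.inner = inner_hash(user, password)
        self.fixed_salt = salt  # constructed salt, keeps the demo repeatable
        self.salt = b""
    def challenge(self) -> bytes:
        # A real server picks a fresh random 4-byte salt per connection
        self.salt = self.fixed_salt or os.urandom(4)
        return self.salt
    def verify(self, response: str) -> bool:
        return response == md5_response(self.inner, self.salt)

def relay_one_response(user, password, backends):
    # The client sees only one salt (the first backend's); its single
    # reply is then forwarded unchanged to every backend.
    salts = [b.challenge() for b in backends]
    reply = md5_response(inner_hash(user, password), salts[0])
    return [b.verify(reply) for b in backends]

def answer_each_challenge(user, password, backends):
    # Separate authentication per backend: each salt gets its own reply.
    inner = inner_hash(user, password)
    return [b.verify(md5_response(inner, b.challenge())) for b in backends]

def demo():
    # Constructed credentials and salts, for illustration only
    pair = [Backend("appuser", "example-pw", b"\x01\x02\x03\x04"),
            Backend("appuser", "example-pw", b"\xaa\xbb\xcc\xdd")]
    return (relay_one_response("appuser", "example-pw", pair),
            answer_each_challenge("appuser", "example-pw", pair))

if __name__ == "__main__":
    print(demo())
```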
