> I had (to the extent I'd thought about it) assumed pgpool would accept > an authentication from its client and make a separate authenticated > connection to each backend, but I don't see how to configure it to do > that.
That's impossible. In md5 auth, backend sends random generated "seed" to client and the client send back encrypted password to backend using the seed. So the client cannot send the encrypted password, which can be accepted by *both* backends. > Does pgpool support a more secure form of authentication? Is there a > more secure configuration to allow use of these "insecure" protocols > within a narrow enough scope that these vulnerabilities are protected? You could use SSH tunnel. -- Tatsuo Ishii SRA OSS, Inc. Japan _______________________________________________ Pgpool-general mailing list [email protected] http://pgfoundry.org/mailman/listinfo/pgpool-general
