Subject changed. The reason why the patches on 3.0-stable were canceled was:

- it was against our policy (do not add new features to the stable tree)
- insecure. Anybody can add/change anyone's password.

What we are going to do is:

Add a new option to the pg_md5 command so that it can add/change an
entry which does not correspond to an OS user. Also the command will be
setuid-ed and should be installed as the same uid as the pgpool
installation (pgpool super user). If uid and euid are identical then the
command is being executed by the pgpool super user. Otherwise the command
does not allow creating/changing entries other than his/her own one.

These changes will appear in CVS HEAD (aka 3.1).
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

> Ok, let me ask Toshihiro on this.
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese: http://www.sraoss.co.jp
>
>> Tatsuo-san,
>>
>> Thank you for your prompt reply. From what I can see, such a thing was
>> committed in revision 1.9 (October 1st 2010) by Kitagawa-san, but cancelled in
>> revision 1.10.
>> I've reported that patch in my fresh 3.0.3 source tree. Compiled ok, works
>> fine. I guess it would be a good idea to commit it again ? What do you think
>> ? Any reason why it was cancelled ?
>> Tell me if I can help.
>>
>> Br
>>
>> Sekine
>>
>>
>> On 24 Apr 2011 at 14:00, [email protected] wrote:
>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Sat, 23 Apr 2011 23:25:38 +0200
>>> From: S?kine Coulibaly <[email protected]>
>>> Subject: [Pgpool-general] [3.0.3] pg_md5 limited to current uid ?
>>>
>>> Hi there,
>>>
>>> Let's assume my backends are Linux boxes. On them only root and postgres
>>> users are defined (at OS level). In Postgres server, I defined an
>>> additional user "rouser", so that my Postgres base has 2 users : postgres
>>> and rouser.
>>>
>>> In my understanding, I should be able to do the following to access
>>> pgpool-test database logging with that user :
>>>
>>> psql -p 9999 pgpool-test -U rouser
>>>
>>> Unfortunately, the authentication fails, because my pool_passwd doesn't
>>> include a line like this :
>>>
>>> rouser:md5XXXXXXXXXXXXXXXXXXXXX
>>>
>>> Since XXXXXXXXXXXX is not equal to MD5(password), does anyone have a trick ?
>>> I wish I need not create a "rouser" Linux user for this, nor use postgres
>>> user.
>>>
>>> The pg_md5.c code shows :
>>>
>>> pw = getpwuid(getuid());
>>> ...
>>>
>>> pg_md5_encrypt(password, pw->pw_name, strlen(pw->pw_name), md5);
>>>
>>> Which is not very encouraging...
>>>
>>>
>>> Thank you !
>>>
>>> Sekine
>>>
>>> ------------------------------
>>>
>>> Message: 2
>>> Date: Sun, 24 Apr 2011 17:47:25 +0900 (JST)
>>> From: Tatsuo Ishii <[email protected]>
>>> Subject: Re: [Pgpool-general] [3.0.3] pg_md5 limited to current uid ?
>>>
>>>> Let's assume my backends are Linux boxes. On them only root and postgres
>>>> users are defined (at OS level). In Postgres server, I defined an
>>>> additional user "rouser", so that my Postgres base has 2 users : postgres
>>>> and rouser.
>>>>
>>>> In my understanding, I should be able to do the following to access
>>>> pgpool-test database logging with that user :
>>>>
>>>> psql -p 9999 pgpool-test -U rouser
>>>>
>>>> Unfortunately, the authentication fails, because my pool_passwd doesn't
>>>> include a line like this :
>>>>
>>>> rouser:md5XXXXXXXXXXXXXXXXXXXXX
>>>>
>>>> Since XXXXXXXXXXXX is not equal to MD5(password), does anyone have a trick
>>>> ?
>>>> I wish I need not create a "rouser" Linux user for this, nor use postgres
>>>> user.
>>>>
>>>> The pg_md5.c code shows :
>>>>
>>>> pw = getpwuid(getuid());
>>>> ...
>>>>
>>>> pg_md5_encrypt(password, pw->pw_name, strlen(pw->pw_name), md5);
>>>>
>>>> Which is not very encouraging...
>>>
>>> Probably pg_md5 should have "-u user" option or something like this,
>>> which allows pgpool super user to create an entry in pool_passwd
>>> corresponding to non OS user entry.
>>> --
>>> Tatsuo Ishii
>>> SRA OSS, Inc. Japan
>>> English: http://www.sraoss.co.jp/index_en.php
>>> Japanese: http://www.sraoss.co.jp
>>>
>>> ------------------------------
>>>
>>> End of Pgpool-general Digest, Vol 77, Issue 17
>>> **********************************************

_______________________________________________
Pgpool-general mailing list
[email protected]
http://pgfoundry.org/mailman/listinfo/pgpool-general
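
The uid/euid rule described at the top of this message, written out as an added C example (it is not pgpool's own code and not from anyone in the thread). may_write_entry and current_process_may_write are hypothetical names, and rejecting ':' and line breaks in the user name is an extra assumption based on the user:md5... line format quoted above.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if the caller may create/change the pool_passwd entry for
 * `target`, 0 otherwise. ruid/euid are the real and effective uids;
 * `caller` is the OS user name looked up from ruid. */
int may_write_entry(uid_t ruid, uid_t euid, const char *caller, const char *target)
{
    if (caller == NULL || target == NULL || target[0] == '\0')
        return 0;
    /* pool_passwd lines are "user:md5...", so a ':' or line break in the
     * name could forge or split an entry (added assumption). */
    if (strpbrk(target, ":\r\n") != NULL)
        return 0;
    /* The binary is setuid to the pgpool super user, so uid == euid only
     * when that user runs it: any entry is allowed. */
    if (ruid == euid)
        return 1;
    /* Everyone else is limited to the entry matching their own name. */
    return strcmp(caller, target) == 0;
}

/* Apply the rule to the running process (hypothetical wrapper). */
int current_process_may_write(const char *target)
{
    struct passwd *pw = getpwuid(getuid());   /* real uid, not euid */
    if (pw == NULL)                           /* uid without a passwd entry */
        return 0;
    return may_write_entry(getuid(), geteuid(), pw->pw_name, target);
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s username\n", argv[0]);
        return 2;
    }
    int ok = current_process_may_write(argv[1]);
    printf("%s: %s\n", argv[1], ok ? "allowed" : "denied");
    return ok ? 0 : 1;
}
```

The uid == euid shortcut only identifies the pgpool super user when the binary really is installed setuid to that user; without the setuid bit every caller has uid == euid, and the permissions on pool_passwd are then the only thing limiting who can write entries.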
