* we can still get the password from client using plain text authentication
* if it is allowed by user
*/
- if (frontend->pool_hba == NULL /*&& config allows */)
+ if (frontend->pool_hba == NULL && pool_config->allow_clear_text_frontend_auth)
{
ereport(LOG,
- (errmsg("usign clear text authentication with frontend"),
- errdetail("backend will still use md5 auth")));
+ (errmsg("using clear text authentication with frontend"),
+ errdetail("backend will still use md5 auth"),
+ errhint("you can disable this behavior by setting allow_clear_text_frontend_auth to off")));
authenticate_frontend_clear_text(frontend);
/* now check again if we have a password now */
if (get_auth_password(MASTER(cp), frontend, 0,
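Review bot: The fallback under `if (frontend->pool_hba == NULL && pool_config->allow_clear_text_frontend_auth)` has the client send its password in clear text, and nothing visible in this hunk requires the frontend connection to be encrypted first, so with the option on the password can cross the network readable. If that is accepted, state it where the decision is made, e.g. `/* the client sends the password unencrypted unless the frontend connection uses SSL */` above the condition, and consider repeating it in the `errhint`; otherwise restrict the fallback to SSL connections. The SCRAM branch later in the commit has the same condition and needs the same treatment. The enclosing function starts and ends outside the hunk.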
{
ereport(ERROR,
(errmsg("failed to authenticate with backend using md5"),
- errdetail("password type is not valid")));
+ errdetail("valid password not found")));
}
}
* we can still get the password from client using plain text authentication
* if it is allowed by user
*/
- if (frontend->pool_hba == NULL /*&& config allows */)
+ if (frontend->pool_hba == NULL && pool_config->allow_clear_text_frontend_auth)
{
ereport(LOG,
- (errmsg("usign clear text authentication with frontend"),
- errdetail("backend will still use SCRAM auth")));
+ (errmsg("using clear text authentication with frontend"),
+ errdetail("backend will still use SCRAM auth"),
+ errhint("you can disable this behavior by setting allow_clear_text_frontend_auth to off")));
authenticate_frontend_clear_text(frontend);
/* now check again if we have a password now */
if (get_auth_password(MASTER(cp), frontend, 0,
{
ereport(ERROR,
(errmsg("failed to authenticate with backend using SCRAM"),
- errdetail("password type is not valid")));
+ errdetail("valid password not ")));
}
for (i=0;i<NUM_BACKENDS;i++)
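Review bot: The new `errdetail("valid password not ")` in the SCRAM branch is cut short: it ends with a trailing space and lacks its last word. The md5 branch of this commit uses `errdetail("valid password not found")`, so this line should read the same. The enclosing block starts outside the hunk.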
false,
NULL, NULL,NULL
},
+ {
+ {"allow_clear_text_frontend_auth", CFGCXT_RELOAD, GENERAL_CONFIG,
+ "allow to use clear text password authentication with clients, when pool_passwd does not contain the user password.",
+ CONFIG_VAR_TYPE_BOOL,false, 0
+ },
+ &g_pool_config.allow_clear_text_frontend_auth,
+ false,
+ NULL, NULL,NULL
+ },
/* End-of-list marker */
EMPTY_CONFIG_BOOL
int connection_life_time; /* if idle for this seconds, connection closes */
int child_max_connections; /* if max_connections received, child exits */
int client_idle_limit; /* If client_idle_limit is n (n > 0), the client is forced to be
- *disconnected after n seconds idle */
+ * disconnected after n seconds idle */
+ bool allow_clear_text_frontend_auth;
+ /* enable Pgpool-II to use clear text password authentication
+ * between Pgpool and client to get the password
+ * when password for user does not exist in pool_password
+ * file.
+ */
int authentication_timeout; /* maximum time in seconds to complete client authentication */
int max_pool; /* max # of connection pool per child */
char *logdir; /* logging directory */
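Review bot: The comment added below `bool allow_clear_text_frontend_auth;` calls the file `pool_password`, while the option's description string and the sample configuration in this commit call it `pool_passwd`. It also sits under the field instead of trailing it like the neighbouring members, so it can be read as describing `authentication_timeout`. Suggest a trailing comment on the field itself: `/* allow clear text password auth with the client when pool_passwd has no password for the user */`. The struct starts and ends outside the hunk.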
# Delay in seconds to complete client authentication
# 0 means no timeout.
+allow_clear_text_frontend_auth = off
+ # Allow Pgpool-II to use clear text password authentication
+ # with clients, when pool_passwd does not
+ # contain the user password
+
+
# - SSL Connections -
ssl = off
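Review bot: The comment added under `allow_clear_text_frontend_auth = off` does not tell the operator that turning the option on makes clients send their password in clear text, which with `ssl = off` as in the lines right below is readable on the network. Add a line such as `# The password is sent unencrypted unless SSL is enabled for client connections` to the comment. The four other sample files changed the same way further down need the same line.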
# Delay in seconds to complete client authentication
# 0 means no timeout.
+allow_clear_text_frontend_auth = off
+ # Allow Pgpool-II to use clear text password authentication
+ # with clients, when pool_passwd does not
+ # contain the user password
+
# - SSL Connections -
ssl = off
# Delay in seconds to complete client authentication
# 0 means no timeout.
+allow_clear_text_frontend_auth = off
+ # Allow Pgpool-II to use clear text password authentication
+ # with clients, when pool_passwd does not
+ # contain the user password
+
# - SSL Connections -
ssl = off
# Delay in seconds to complete client authentication
# 0 means no timeout.
+allow_clear_text_frontend_auth = off
+ # Allow Pgpool-II to use clear text password authentication
+ # with clients, when pool_passwd does not
+ # contain the user password
+
# - SSL Connections -
ssl = off
# Delay in seconds to complete client authentication
# 0 means no timeout.
+allow_clear_text_frontend_auth = off
+ # Allow Pgpool-II to use clear text password authentication
+ # with clients, when pool_passwd does not
+ # contain the user password
+
# - SSL Connections -
ssl = off
StrNCpy(status[i].desc, "maximum time in seconds to complete client authentication", POOLCONFIG_MAXNAMELEN);
i++;
+ StrNCpy(status[i].name, "allow_clear_text_frontend_auth", POOLCONFIG_MAXNAMELEN);
+ snprintf(status[i].value, POOLCONFIG_MAXVALLEN, "%d", pool_config->allow_clear_text_frontend_auth);
+ StrNCpy(status[i].desc, "allow to use clear text password auth when pool_passwd does not contain password", POOLCONFIG_MAXDESCLEN);
+ i++;
+
/* - SSL Connections - */
StrNCpy(status[i].name, "ssl", POOLCONFIG_MAXNAMELEN);
snprintf(status[i].value, POOLCONFIG_MAXVALLEN, "%d", pool_config->ssl);
WD_VERIFY_RECEIVED_CONFIG_PARAMETER_VAL_BOOL(config, wdNode, enable_pool_hba);
WD_VERIFY_RECEIVED_CONFIG_PARAMETER_VAL_BOOL(config, wdNode, load_balance_mode);
WD_VERIFY_RECEIVED_CONFIG_PARAMETER_VAL_BOOL(config, wdNode, replication_stop_on_mismatch);
+ WD_VERIFY_RECEIVED_CONFIG_PARAMETER_VAL_BOOL(config, wdNode, allow_clear_text_frontend_auth);
WD_VERIFY_RECEIVED_CONFIG_PARAMETER_VAL_BOOL(config, wdNode, failover_if_affected_tuples_mismatch);
WD_VERIFY_RECEIVED_CONFIG_PARAMETER_VAL_BOOL(config, wdNode, fail_over_on_backend_error);
WD_VERIFY_RECEIVED_CONFIG_PARAMETER_VAL_BOOL(config, wdNode, replicate_select);
goto ERROR_EXIT;
if (json_get_bool_value_for_key(root, "replication_stop_on_mismatch", &config->replication_stop_on_mismatch))
goto ERROR_EXIT;
+ if (json_get_bool_value_for_key(root, "allow_clear_text_frontend_auth", &config->allow_clear_text_frontend_auth))
+ goto ERROR_EXIT;
if (json_get_bool_value_for_key(root, "failover_if_affected_tuples_mismatch", &config->failover_if_affected_tuples_mismatch))
goto ERROR_EXIT;
if (json_get_bool_value_for_key(root, "replicate_select", &config->replicate_select))
jw_put_bool(jNode, "replication_mode", pool_config->replication_mode);
jw_put_bool(jNode, "enable_pool_hba", pool_config->enable_pool_hba);
jw_put_int(jNode, "load_balance_mode", pool_config->load_balance_mode);
+ jw_put_bool(jNode, "allow_clear_text_frontend_auth", pool_config->allow_clear_text_frontend_auth);
jw_put_bool(jNode, "replication_stop_on_mismatch", pool_config->replication_stop_on_mismatch);
jw_put_bool(jNode, "failover_if_affected_tuples_mismatch", pool_config->failover_if_affected_tuples_mismatch);
jw_put_bool(jNode, "replicate_select", pool_config->replicate_select);