New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pgbouncer didn't even try auth_query to verify user password #484
Comments
You also need to tell us how you attempted to connect (which command and which options), and the log entries in the postgres and pgbouncer logs from around that time. |
This setup
is not correct. You have two entries for the |
I've change configuration and remove |
I tried your setup and any user into users section cannot login. Looking at the postgres logs, pgbouncer does not try to connect and execute auth_query when user is from users section. Other users (that is not in users section) work fine. It seems a bug to me. |
You are right, I tried too after your comment and It works fine after remove users in |
Yes, I just went through this today, and have some more details. In my specific case I set I find that the statement in the docs "Only a few settings are available here." followed by just the two [EDIT] I also noticed that changes to this did not seem to take effect with a reload, but required actual quit & restart of pgbouncer. |
Addendum to above: reviewing logs from after out config changes, I see:
So in fact it "works" by ignoring the setting where we try to limit the pool size for that user, so there seems to be NO WAY to have TLS and per-user settings. |
Spent better half of the day on this and can confirm that with following config configuration will not let [databases]
pgbench = host=127.0.0.1 port=5431 auth_user=pgbouncer pool_size=4
postgres = host=127.0.0.1 port=5431 auth_user=pgbouncer pool_size=0
[users]
postgres = max_user_connections=2
[pgbouncer]
listen_addr = *
listen_port = 5432
logfile = /var/log/pgbouncer/pgbouncer.log
pidfile = /var/run/pgbouncer/pgbouncer.pid
unix_socket_dir = /var/run/pgbouncer
auth_type = md5
auth_query = SELECT p_user, p_password FROM pgbouncer.auth($1)
auth_file = /etc/pgbouncer/userlist.txt
pool_mode = session
server_reset_query = DISCARD ALL
stats_users = pgbouncer_stats
admin_users = pgbouncer_admin When This pretty much hard blocks us to use |
It has become apparent, also through other reports, that the |
As described in pgbouncer#484, if a user is defined in the [users] section of the config file (perhaps to take advantage of per-user overrides) but then that user is *not* defined in auth_file, pgBouncer currently gets confused when trying to check their password. It sees the user exists, but fails to notice a password was never defined, resulting in no running of auth_query.
As described in pgbouncer#484, if a user is defined in the [users] section of the config file (perhaps to take advantage of per-user overrides) but then that user is *not* defined in auth_file, pgBouncer currently gets confused when trying to check their password. It sees the user exists, but fails to notice a password was never defined, resulting in no running of auth_query. Add a test case to catch this. The case successfully fails before this patchset and succeeds after it.
As described in pgbouncer#484, if a user is defined in the [users] section of the config file (perhaps to take advantage of per-user overrides) but then that user is *not* defined in auth_file, pgBouncer currently gets confused when trying to check their password. It sees the user exists, but fails to notice a password was never defined, resulting in no running of auth_query. Add a test case to catch this. The case successfully fails before this patchset and succeeds after it.
As described in pgbouncer#484, if a user is defined in the [users] section of the config file (perhaps to take advantage of per-user overrides) but then that user is *not* defined in auth_file, pgBouncer currently gets confused when trying to check their password. It sees the user exists, but fails to notice a password was never defined, resulting in no running of auth_query.t Add a test case to catch this. The case successfully fails before this patchset and succeeds after it.
Hi all, I'm stuck and don't know where I'm doing wrong.
I'm try to configure pgbouncer to auth_type = hba and auth_user with auth_query but pgbouncer didn't send request to database. Pgbouncer and Postgres on the same server. What I'm missing
pgbouncer.ini
userlist file
"pgbouncer" "md5be5544d3807b54dd0637f2439ecb03b9"
pgbouncer pg_hba.conf file
postgres pg_hba.conf file
lookup function
The text was updated successfully, but these errors were encountered: