Hi Gurjeet, I have committed your patches to CVS HEAD with my minor editings. It's great that we don't need to restart pgpool-II each time user changed md5 password!
Here are my slight changes to original patch: - Checking pool_config->pool_passwd is not correct way to judge if we need to reopen pool_passwd or not. Rather you should look into enable_pool_hba. Because pool_config->pool_passwd is the base file name of pool_passwd(can be used if you want to change standard "pool_passwd"), and md5 auth is not enabled if enable_pool_hba is off. - Storing pointer to pool_passwd path will not work since the body is located at a stack area(char pool_passwd[POOLMAXPATHLEN+1] around line 425 of mainc.). I modify to copy it to static memory. Chinese, French and German doc maintainer: I have modified documentation around line 3279 of pgpool-en.html. Please update other language. Thanks in advance. -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese: http://www.sraoss.co.jp > Hi Gurjeet, > > Sorry for delay. > I will take care of this tomorrow. > -- > Tatsuo Ishii > SRA OSS, Inc. Japan > English: http://www.sraoss.co.jp/index_en.php > Japanese: http://www.sraoss.co.jp > >> Hi Tatsuo, >> >> Any feedback on the correctness of the patch? >> >> Thanks, >> >> On Mon, Sep 26, 2011 at 10:18 PM, Gurjeet Singh >> <singh.gurj...@gmail.com>wrote: >> >>> Hi Tatsuo, >>> >>> Please find an updated patch. I am now using strcmp() to check if we >>> need to reopne the file, just like the code in main.c, instead of comparing >>> the value with NULL. >>> >>> Regards, >>> >>> >>> On Mon, Sep 26, 2011 at 9:57 PM, Tatsuo Ishii <is...@sraoss.co.jp> wrote: >>> >>>> Thanks for report and patches. I will take care of this. >>>> -- >>>> Tatsuo Ishii >>>> SRA OSS, Inc. Japan >>>> English: http://www.sraoss.co.jp/index_en.php >>>> Japanese: http://www.sraoss.co.jp >>>> >>>> > Hi, >>>> > >>>> > Maybe this is expected behaviour, but it definitely is not >>>> desirable. If >>>> > we add a new user:passwrod to the contents of pool_passwd file and send >>>> a >>>> > reload signal to pgpool, the child processes are still not able to honor >>>> the >>>> > new user and the trying to login using the new user causes error "MD5 >>>> > authentication failed..." >>>> > >>>> > I have diagnosed it back to the fact that pgpool uses stdio.h >>>> interface >>>> > (FILE *) to access the pool_passwd file, and it reads the contents of >>>> the >>>> > file for every new login that requests MD5 authentication. The problem >>>> with >>>> > the stdio.h interface is that it caches the contents of the file and it >>>> does >>>> > not refresh the cache even when the contents of the file change on-disk, >>>> so >>>> > every time pgpool tries to read new user's password it does not see the >>>> new >>>> > entry and hence fails. >>>> > >>>> > To be able to connect as the new user we have to either restart >>>> pgpool >>>> > or wait for a new child to be forked which will see the new contents of >>>> the >>>> > file. All of these problems also apply to the case where we might alter >>>> the >>>> > password of an existing user and update the md5 password in pool_passwd >>>> > file. >>>> > >>>> > I have attached a minimal patch to address this issue. In the patch, >>>> we >>>> > save the file path that was initially used to open the pool_passwd and >>>> upon >>>> > every reload the child closes and reopens the file so that the stdio.h >>>> > interface does not show it cached data. >>>> > >>>> > Regards, >>>> > -- >>>> > Gurjeet Singh >>>> > EnterpriseDB Corporation >>>> > The Enterprise PostgreSQL Company >>>> >>> >>> >>> >>> -- >>> Gurjeet Singh >>> EnterpriseDB Corporation >>> The Enterprise PostgreSQL Company >>> >>> >> >> >> -- >> Gurjeet Singh >> EnterpriseDB Corporation >> The Enterprise PostgreSQL Company > _______________________________________________ > Pgpool-hackers mailing list > Pgpool-hackers@pgfoundry.org > http://pgfoundry.org/mailman/listinfo/pgpool-hackers _______________________________________________ Pgpool-hackers mailing list Pgpool-hackers@pgfoundry.org http://pgfoundry.org/mailman/listinfo/pgpool-hackers
