> Couldn't you cache one single SASL exchange status for each
> connection, meaning one PGconn saved for each? As the challenge sent
> by the server and the response generated by the client are different
> by design, I am afraid you would need to do that anyway in this
> context (Isn't PG-pool using already the weaknesses of MD5 to make
> things easier?). As the server decides first which authentication type
> should happen before beginning the real message exchange, that should
> not be difficult. It seems to me that you would need something more
> modular than you have now if you want for example to handle
> automatically connections to multiple servers that have different
> password hashes stored for the same user. The latter may be an edge
> case with pgpool though.

Thank you for the quick response. I will study your suggestion along
with the SCRAM code in PostgreSQL whether it could be possible in

Regarding your question on md5 auth handling in Pgpool-II, please look


Best regards,
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to