Michael, > Couldn't you cache one single SASL exchange status for each > connection, meaning one PGconn saved for each? As the challenge sent > by the server and the response generated by the client are different > by design, I am afraid you would need to do that anyway in this > context (Isn't PG-pool using already the weaknesses of MD5 to make > things easier?). As the server decides first which authentication type > should happen before beginning the real message exchange, that should > not be difficult. It seems to me that you would need something more > modular than you have now if you want for example to handle > automatically connections to multiple servers that have different > password hashes stored for the same user. The latter may be an edge > case with pgpool though.
Thank you for the quick response. I will study your suggestion along with the SCRAM code in PostgreSQL whether it could be possible in Pgpool-II. Regarding your question on md5 auth handling in Pgpool-II, please look into: https://pgpool.net/mediawiki/index.php/FAQ#How_does_pgpool-II_handle_md5_authentication.3F Best regards, -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese:http://www.sraoss.co.jp -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
