Re: [HACKERS] SCRAM auth and Pgpool-II

From: Tatsuo Ishii
Subject: Re: [HACKERS] SCRAM auth and Pgpool-II
Msg-id: 20170706.104038.1681560593317983418.t-ishii@sraoss.co.jp
In reply to: Re: [HACKERS] SCRAM auth and Pgpool-II  (Michael Paquier <michael.paquier@gmail.com>)
List: pgsql-hackers

Michael,
Michael,

> Couldn't you cache one single SASL exchange status for each
> connection, meaning one PGconn saved for each? As the challenge sent
> by the server and the response generated by the client are different
> by design, I am afraid you would need to do that anyway in this
> context (Isn't PG-pool already using the weaknesses of MD5 to make
> things easier?). As the server decides first which authentication type
> should happen before beginning the real message exchange, that should
> not be difficult. It seems to me that you would need something more
> modular than you have now if you want for example to handle
> automatically connections to multiple servers that have different
> password hashes stored for the same user. The latter may be an edge
> case with pgpool though.

Thank you for the quick response. I will study your suggestion, along
with the SCRAM code in PostgreSQL, to see whether it could be possible
in Pgpool-II.

Regarding your question on md5 auth handling in Pgpool-II, please look
into:

https://pgpool.net/mediawiki/index.php/FAQ#How_does_pgpool-II_handle_md5_authentication.3F

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
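
The property the quoted paragraph relies on, as an added example (not part of the original message, and not Pgpool-II or PostgreSQL code): an md5 reply can be computed from the stored hash for any backend's salt, while a SCRAM-SHA-256 proof is bound to the nonces of one exchange, which is why one exchange state per connection is needed. The user, password, salts and nonces are constructed, and SASLprep is skipped by assuming an ASCII password.

```python
import base64
import hashlib
import hmac

def md5_stored(user, password):
    # Hex digest PostgreSQL keeps for md5 auth (shown without the "md5" prefix).
    return hashlib.md5((password + user).encode()).hexdigest()

def md5_response(stored_hex, salt):
    # Reply to an md5 challenge: needs only the stored hash and the 4-byte salt.
    return "md5" + hashlib.md5(stored_hex.encode() + salt).hexdigest()

def scram_keys(password, salt, iterations):
    # RFC 5802: ClientKey stays with the client; the server keeps StoredKey.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    return client_key, hashlib.sha256(client_key).digest()

def auth_message(user, client_nonce, server_nonce, salt, iterations):
    # client-first-bare , server-first , client-final-without-proof
    nonce = client_nonce + server_nonce
    s = base64.b64encode(salt).decode()
    return (f"n={user},r={client_nonce},r={nonce},s={s},i={iterations},"
            f"c=biws,r={nonce}").encode()

def scram_proof(client_key, message):
    stored_key = hashlib.sha256(client_key).digest()
    sig = hmac.new(stored_key, message, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(client_key, sig))

def scram_verify(stored_key, message, proof):
    sig = hmac.new(stored_key, message, hashlib.sha256).digest()
    recovered = bytes(a ^ b for a, b in zip(proof, sig))
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), stored_key)

def demo():
    # Constructed sample values: one user, two backends behind one pooler.
    stored = md5_stored("alice", "s3cret")
    md5_answers = [md5_response(stored, s) for s in (b"\x01\x02\x03\x04", b"\xaa\xbb\xcc\xdd")]
    salt, iters = bytes(range(16)), 4096
    client_key, stored_key = scram_keys("s3cret", salt, iters)
    msg_a = auth_message("alice", "cnonce1", "backendA", salt, iters)
    msg_b = auth_message("alice", "cnonce1", "backendB", salt, iters)
    proof_a = scram_proof(client_key, msg_a)
    return (md5_answers,
            scram_verify(stored_key, msg_a, proof_a),   # same exchange
            scram_verify(stored_key, msg_b, proof_a))   # other backend's nonce

if __name__ == "__main__":
    print(demo())
```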


