我对 PgBouncer 和 Postgresql 中的 auth 方法有一些问题。
错误:
2024-09-28 10:49:28.750 UTC [120] LOG process up: PgBouncer 1.23.1, libevent 2.1.12-stable (epoll), adns: evdns2, tls: OpenSSL 3.0.7 1 Nov 2022
2024-09-28 10:49:32.468 UTC [120] LOG C-0x274199c0: database/[email protected]:38382 login attempt: db=database user=username tls=no replication=no
2024-09-28 10:49:35.840 UTC [120] LOG C-0x274199c0: database/[email protected]:45156 login attempt: db=database user=username tls=no replication=no
2024-09-28 10:49:35.849 UTC [120] LOG S-0x274446b0: database/[email protected]:5432 new connection to server (from 127.0.0.1:57562)
2024-09-28 10:49:35.859 UTC [120] ERROR S-0x274446b0: database/[email protected]:5432 cannot do SCRAM authentication: wrong password type
2024-09-28 10:49:35.859 UTC [120] LOG C-0x274199c0: database/[email protected]:45156 closing because: server login failed: wrong password type (age=0s)
2024-09-28 10:49:35.859 UTC [120] WARNING C-0x274199c0: database/[email protected]:45156 pooler error: server login failed: wrong password type
2024-09-28 10:49:35.859 UTC [120] LOG S-0x274446b0: database/[email protected]:5432 closing because: failed to answer authreq (age=0s)
我不知道为什么 Postgresql 尝试使用 SCRAM 方法进行身份验证。
Postgresql hba 文件:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all trust
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
# ---
# @PgCloud : Add replication user
host replication replica_user 0.0.0.0/0 md5
host all all 0.0.0.0/0 md5
PgBouncer 文件:
[databases]
db_pgcloud = host=127.0.0.1 port=5432 dbname=database user=username
[pgbouncer]
listen_addr = *
listen_port = 6432
auth_type = md5
auth_file = /etc/pgbouncer/auth_file.cfg
pool_mode = transaction
max_client_conn = 2000
default_pool_size = 100
和 auth_file.cfg
"username" "md5aaaa0cce3756d15429bdb3647b144704"
hba 中的“md5”被解释为“md5 或更好”,其中(目前)更好只能表示 SCRAM。
如果 pg_authid 中存储的哈希值是 SCRAM 格式,则与 auth_file.cfg 中存储的 md5 不兼容,因此您会收到“密码类型错误”错误。
您可以登录真实服务器(绕过pgbouncer,或使用superuer),然后重置密码,以便在重置之前通过适当设置password_encryption,以md5格式对密码进行哈希处理。 (你还可以做大约一百万种其他事情,但这种方法似乎最符合你的隐含意图)