|
Perhaps you misunderstand me.
It is not user-database, but master-slave interaction that I am concerning.
The master-slave replication proceeds continually and requires no manual interference. Both master and slave’s private key are involved, but ssl_passphrase_command is only
used to parse passphrase of master’s private key. Pgsql cannot get slave’s private key automatically, so replication failed. I’ve tried and proved it did not work. I refered to the list of pgsql’s authenticate methods but did not find an appropriate one for replication. https://www.postgresql.org/docs/12/client-authentication.html Xie Bin 发件人: Magnus Hagander [mailto:magnus@xxxxxxxxxxxx]
On Tue, Oct 27, 2020 at 9:52 AM xiebin (F) <xiebin18@xxxxxxxxxx> wrote:
Why not? The user who can read that file, can also read the entire database on the standby node already.
PostgreSQL replication supports all authentication methods that PostgeSQL supports for regular connections, in general. While I haven't tried it, ssl_passphrase_command should work for this as well as long as it doesn't
require manual user interaction. But it could for example read the passphrase from a pipe where it's provided off,or from a hardware device. Do keep in mind that replication might need multiple authentications (for example if the network disconnects, it has
to reconnect). You can also use for example GSSAPI and Kerberos to do the login. You will then of course have to figure out how to securely authenticate the postgres OS user on the standby node to the Kerberos system, but that's doable.
(Though I believe most Kerberos implementations also rely on filesystem security to protect the tickets, so if you don't trust your filesystem, you may have a problem with that -- as well as indeed most other authentication systems -- so you'd have to investigate
that within the kerberos system). -- Magnus Hagander |
