May 2018
Intermediate to advanced
576 pages
30h 25m
English
Instead of retrieving passwords from the userlist.txt file, PgBouncer can retrieve them directly from PostgreSQL, using the optional auth_user and auth_query parameters. If auth_user is set, PgBouncer will connect to the database as that user and run auth_query every time it needs to retrieve the password of a user trying to log in. The default value of auth_query is as follows:
SELECT usename, passwd FROM pg_shadow WHERE usename=$1
This default is only a minimal working example that illustrates the idea of auth_query; because only superusers can read pg_shadow, it requires giving PgBouncer superuser access to PostgreSQL. Hence, it is good practice to use the more sophisticated approach of creating a SECURITY DEFINER function which can retrieve username ...
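One way to set up the SECURITY DEFINER approach described above, as an added example that is not taken from the book or from the PgBouncer project. The role name pgbouncer_auth, the schema pgbouncer and the function user_lookup are assumptions chosen for illustration, and the usesuper filter is a policy choice of this example.

```sql
-- Added example. Run as a superuser in every database PgBouncer authenticates against.
-- pgbouncer_auth, pgbouncer and user_lookup are hypothetical names.

-- Unprivileged login role used as auth_user. Set its password separately;
-- PgBouncer reads the auth_user password from its auth_file (userlist.txt).
CREATE ROLE pgbouncer_auth LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Dedicated schema that ordinary users cannot use or create objects in.
CREATE SCHEMA pgbouncer;
REVOKE ALL ON SCHEMA pgbouncer FROM PUBLIC;
GRANT USAGE ON SCHEMA pgbouncer TO pgbouncer_auth;

-- Runs with the privileges of its owner (the superuser creating it), so the
-- caller needs no access to pg_shadow. The pinned search_path stops a caller
-- from shadowing catalog objects with objects in a schema it controls.
CREATE FUNCTION pgbouncer.user_lookup(IN i_username text,
                                      OUT uname text, OUT phash text)
RETURNS record
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
BEGIN
    SELECT usename, passwd
      INTO uname, phash
      FROM pg_catalog.pg_shadow
     WHERE usename = i_username
       AND NOT usesuper;  -- policy choice: superusers cannot log in via the pooler
    RETURN;
END;
$$;

-- Functions are executable by PUBLIC by default; restrict to the lookup role.
REVOKE ALL ON FUNCTION pgbouncer.user_lookup(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION pgbouncer.user_lookup(text) TO pgbouncer_auth;

-- Matching pgbouncer.ini settings:
--   auth_user  = pgbouncer_auth
--   auth_query = SELECT uname, phash FROM pgbouncer.user_lookup($1)

-- Check: the role should be able to call the function but not read pg_shadow.
SELECT has_table_privilege('pgbouncer_auth', 'pg_catalog.pg_shadow', 'SELECT')
           AS can_read_pg_shadow,
       has_function_privilege('pgbouncer_auth', 'pgbouncer.user_lookup(text)', 'EXECUTE')
           AS can_call_lookup;
```

The function still returns password hashes to anyone who can execute it, so the pgbouncer_auth credentials in the auth_file need the same protection as the hashes themselves.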