Pgbouncer

Submitted by admin on Fri, 02/15/2019 - 06:16

About

  • pgbouncer is a PostgreSQL connection pooler
  • It reduces the performance impact of opening new connections to PostgreSQL

Use pam method to authenticate a user

  • pgbouncer 1.8 or above
  • pgbouncer.ini
    • auth_type = pam
  • /etc/pam.d/pgbouncer
    • auth  sufficient pam_unix.so
    • account sufficient pam_unix.so

Use pam+ldap to authenticate a user 

  • pgbouncer 1.8 or above
  • pgbouncer.ini
    • auth_type = pam
  • sudo yum install nss-pam-ldapd
  • sudo vi /etc/nslcd.conf
    • uri ldap://??
    • base dc=??
    • binddn ??
    • bindpw ??
  • sudo vi /etc/nsswitch.conf
    • passwd: files ldap
    • shadow: files ldap
    • group: files ldap
  • sudo systemctl enable nslcd
  • sudo systemctl start nslcd
  • # Verify
    • getent passwd
    • getent group
  • sudo vi /etc/pam.d/pgbouncer
    • auth sufficient pam_ldap.so
    • account sufficient pam_ldap.so
    • password sufficient pam_ldap.so
    • session sufficient pam_ldap.so
  • # restart pgbouncer

Reference

  • https://severalnines.com/blog/one-security-system-application-connection-pooling-and-postgresql-case-ldap
  • https://arthurdejong.org/nss-pam-ldapd/
  • https://serverfault.com/questions/633802/ldap-authentication-on-centos-7

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer