Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invalid/incoherent behaviours with the global auth_user option #391

pinaraf opened this issue Jun 7, 2019 · 0 comments · May be fixed by #393

Invalid/incoherent behaviours with the global auth_user option #391

pinaraf opened this issue Jun 7, 2019 · 0 comments · May be fixed by #393
bug something is broken


Copy link

pinaraf commented Jun 7, 2019


When the global auth_user option was introduced in commit 4ea2306, it seems a lot of cases were not handled properly.

  1. The option works only if it is defined before the databases
  2. If the option is defined twice (for instance if it is defined in the main file and later in an included file), the value used will be the last one preceding the databases definitions, but the value displayed in show config will be the second one
  3. When calling SET auth_user = marcel, the newly-set value is not applied unless you reload and did not define it in your configuration before the databases
  4. If you change the option in the configuration and issue a RELOAD, the value applied will, again, depend on the location in the configuration file : if it is after the databases, a second RELOAD will be required to apply the change.

I suggest completely removing the current application of the config auth_user in parse_database in loader.c, and instead, in each code path that tries to use db->auth_user, add a second if branch to use the cf_auth_user instead. If these changes would be fine for you, I can implement them and submit a PR.


@petere petere added the bug something is broken label Aug 3, 2019
petere added a commit to petere/pgbouncer that referenced this issue Oct 14, 2020
A global auth_user setting was pretty confusing and fragile.  It was
looked up while the configuration was read, so it only worked if it
was set before the [databases] section.  Changing it at run time or
changing and reloading also worked in strange ways, depending on
circumstances, because of the ordering dependency.

To fix, look up the setting not while the configuration file is parsed
but later when we actually need it when authenticating a client

analysis and fix by @pinaraf (pgbouncer#393), some tweaking by me

closes pgbouncer#391
@petere petere closed this as completed in 383af56 Oct 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
bug something is broken
None yet

Successfully merging a pull request may close this issue.

2 participants