Re: pg_rewind and user / passfile

Sorry for the confusion, I must have done some crazy stuff about the user
of pg_basebackup.

Please just consider the question:
* is there a way to tell pg_rewind to use the passfile?

Thanks!

On Wed, Jan 25, 2023 at 10:37 AM Wiwwo Staff <wiwwo(at)wiwwo(dot)com> wrote:

> Hi!
> I have noticed, if I use
> pg_basebackup -D $PGDATA -h $NEW_PRIMARY -U $SOME_ADMIN_USER
> (where $SOME_ADMIN_USER is a privileged user, not the replica user)
> i got a "show primary_conninfo" as ;
> user=<REPLICA_USER> passfile='/var/lib/postgresql/.pgpass'
> channel_binding=prefer host=pg_red port=5432 sslmode=prefer
> sslcompression=0 sslsni=1 ssl_min_protocol_version=TLSv1.2
> gssencmode=prefer krbsrvname=postgres target_session_attrs=any
>
> Which is cool, since the user is the correct replica user (not the one I
> specified at command line), AND more importantly, there is no pasword there.
>
>
> If instead, on a old primary, I perform a pg_rewind, the primary_conninfo
> is
> user=<USER_I_PASSED_AT_COMMAND_LINE> password=<ITS_PASSWORD_IN_CLEAR>
> channel_binding=prefer host=pg_blue port=5432
> sslmode=prefer sslcompression=0 sslsni=1
> ssl_min_protocol_version=TLSv1.2
> gssencmode=prefer krbsrvname=postgres target_session_attrs=any
> If I user the replica-specific user, i get
> ERROR: permission denied for function pg_read_binary_file
>
> Question (and at the point of this mail):
> * is there a way to tell pg_rewind to use the passfile?
> * Am I doing something wrong?
>
> Thank!
>
>