Hi,

There appears to be a problem with starting Postgres if the SSL key
has a passphrase on it. The following happens:

Enter PEM pass phrase:
FATAL: could not load private key file "server.key": problems getting password

Starting with "postgres -D /path/to/cluster" returns:

Enter PEM pass phrase:
LOG: database system was shut down at 2011-09-13 13:51:51 BST
LOG: database system is ready to accept connections
LOG: autovacuum launcher started

So the postgres binary accepts stdin, but pg_ctl doesn't. This isn't
an unusual case, so could I request a fix to allow pg_ctl to take
stdin rather than /dev/null?

Thanks

--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Search Discussions

  • Tom Lane at Sep 13, 2011 at 2:17 pm

    Thom Brown writes:
    There appears to be a problem with starting Postgres if the SSL key
    has a passphrase on it.
    It's documented that that's unsupported. Given the number of ways to
    start a postmaster, and the fact that many of them are noninteractive,
    I don't think it's very productive for us to worry about it.

    regards, tom lane
  • Thom Brown at Sep 13, 2011 at 2:29 pm

    On 13 September 2011 15:17, Tom Lane wrote:
    Thom Brown <thom@linux.com> writes:
    There appears to be a problem with starting Postgres if the SSL key
    has a passphrase on it.
    It's documented that that's unsupported.  Given the number of ways to
    start a postmaster, and the fact that many of them are noninteractive,
    I don't think it's very productive for us to worry about it.
    For reference, could you point me to the page which states this lack
    of support? All I could find was a mention that in order to start the
    service automatically, you would need to remove the passphrase.

    --
    Thom Brown
    Twitter: @darkixion
    IRC (freenode): dark_ixion
    Registered Linux user: #516935

    EnterpriseDB UK: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
  • Thom Brown at Sep 14, 2011 at 1:40 am

    On 13 September 2011 15:17, Tom Lane wrote:
    Thom Brown <thom@linux.com> writes:
    There appears to be a problem with starting Postgres if the SSL key
    has a passphrase on it.
    It's documented that that's unsupported.  Given the number of ways to
    start a postmaster, and the fact that many of them are noninteractive,
    I don't think it's very productive for us to worry about it.
    I've managed to get pg_ctl to accept the passphrase with the -w
    option. Works fine like that. Since that works, perhaps the page
    referring to SSL could mention this.

    --
    Thom Brown
    Twitter: @darkixion
    IRC (freenode): dark_ixion
    Registered Linux user: #516935

    EnterpriseDB UK: http://www.enterprisedb.com
    The Enterprise PostgreSQL Company
  • Bruce Momjian at Aug 16, 2012 at 12:52 am

    On Wed, Sep 14, 2011 at 02:40:15AM +0100, Thom Brown wrote:
    On 13 September 2011 15:17, Tom Lane wrote:
    Thom Brown <thom@linux.com> writes:
    There appears to be a problem with starting Postgres if the SSL key
    has a passphrase on it.
    It's documented that that's unsupported.  Given the number of ways to
    start a postmaster, and the fact that many of them are noninteractive,
    I don't think it's very productive for us to worry about it.
    I've managed to get pg_ctl to accept the passphrase with the -w
    option. Works fine like that. Since that works, perhaps the page
    referring to SSL could mention this.
    I have added a documention mention as you suggested for PG 9.3 in the
    '-w' option section.

    --
    Bruce Momjian <bruce@momjian.us> http://momjian.us
    EnterpriseDB http://enterprisedb.com

    + It's impossible for everything to be true. +

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppgsql-hackers @
categoriespostgresql
postedSep 13, '11 at 1:55p
activeAug 16, '12 at 12:52a
posts5
users3
websitepostgresql.org...
irc#postgresql

People

Translate

site design / logo © 2022 Grokbase