Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Jacob Champion <jchampion@timescale.com>
From: Jacob Champion <jchampion@timescale.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Shaun Thomas <shaun.thomas@enterprisedb.com>, pgsql-hackers@postgresql.org
Date: 2023-08-15T22:39:10Z
Lists: pgsql-hackers
On Tue, Aug 15, 2023 at 3:24 PM Michael Paquier <michael@paquier.xyz> wrote:
> The first message from Jacob outlines the idea behind the handling of
> trust. We could perhaps add one extra set_authn_id() for the uaTrust
> case (not uaCert!) if that's more helpful.
I'm not super comfortable with saying "connection authenticated" when
it explicitly hasn't been (nor with switching the meaning of a
non-NULL SYSTEM_USER from "definitely authenticated somehow" to "who
knows; parse it apart to see"). But adding a log entry ("connection
trusted:" or some such?) with the pointer to the HBA line that made it
happen seems like a useful audit helper to me.
--Jacob
Commits
-
Generate new LOG for "trust" connections under log_connections
- e48b19c5db31 17.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 cited