Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue

Jacob Champion <jchampion@timescale.com>

From: Jacob Champion <jchampion@timescale.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Shaun Thomas <shaun.thomas@enterprisedb.com>, Michael Paquier <michael@paquier.xyz>, pgsql-hackers@postgresql.org
Date: 2023-08-17T16:53:34Z
Lists: pgsql-hackers

Attachments

On Thu, Aug 17, 2023 at 9:46 AM Stephen Frost <sfrost@snowman.net> wrote:
> Don't like 'skipped' but that feels closer.
>
> How about 'connection bypassed authentication'?

Works for me; see v2.

Thanks!
--Jacob

Commits

  1. Generate new LOG for "trust" connections under log_connections

  2. Add some information about authenticated identity via log_connections