Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Jacob Champion <jchampion@timescale.com>
From: Jacob Champion <jchampion@timescale.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Shaun Thomas <shaun.thomas@enterprisedb.com>,
Michael Paquier <michael@paquier.xyz>, pgsql-hackers@postgresql.org
Date: 2023-08-17T16:42:35Z
Lists: pgsql-hackers
On Thu, Aug 17, 2023 at 9:01 AM Stephen Frost <sfrost@snowman.net> wrote:
> That doesn't seem quite right ... admittedly, 'trust' isn't performing
> authentication but there can certainly be an argument made that the
> basic 'matched a line in pg_hba.conf' is a form of authentication
I'm not personally on board with this argument, but...
> and
> worse really, saying 'not authenticated' would seem to imply that we
> didn't allow the connection when, really, we did, and that could be
> confusing to someone.
...with this one, I agree.
> Maybe 'connection allowed' instead..?
Hm. It hasn't really been allowed yet, either. To illustrate what I mean:
LOG: connection received: host=[local]
LOG: connection allowed: user="jacob" method=trust
(/home/jacob/src/data/pg16/pg_hba.conf:117)
LOG: connection authorized: user=jacob database=postgres
application_name=psql
Maybe "unauthenticated connection:"? "connection without
authentication:"? "connection skipped authentication:"?
--Jacob
Commits
-
Generate new LOG for "trust" connections under log_connections
- e48b19c5db31 17.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 cited