Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue

Jacob Champion <jchampion@timescale.com>

From: Jacob Champion <jchampion@timescale.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Shaun Thomas <shaun.thomas@enterprisedb.com>, Michael Paquier <michael@paquier.xyz>, pgsql-hackers@postgresql.org
Date: 2023-08-17T16:42:35Z
Lists: pgsql-hackers
On Thu, Aug 17, 2023 at 9:01 AM Stephen Frost <sfrost@snowman.net> wrote:
> That doesn't seem quite right ... admittedly, 'trust' isn't performing
> authentication but there can certainly be an argument made that the
> basic 'matched a line in pg_hba.conf' is a form of authentication

I'm not personally on board with this argument, but...

> and
> worse really, saying 'not authenticated' would seem to imply that we
> didn't allow the connection when, really, we did, and that could be
> confusing to someone.

...with this one, I agree.

> Maybe 'connection allowed' instead..?

Hm. It hasn't really been allowed yet, either. To illustrate what I mean:

    LOG:  connection received: host=[local]
    LOG:  connection allowed: user="jacob" method=trust
(/home/jacob/src/data/pg16/pg_hba.conf:117)
    LOG:  connection authorized: user=jacob database=postgres
application_name=psql

Maybe "unauthenticated connection:"? "connection without
authentication:"? "connection skipped authentication:"?

--Jacob



Commits

  1. Generate new LOG for "trust" connections under log_connections

  2. Add some information about authenticated identity via log_connections