Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Jacob Champion <jchampion@timescale.com>,
Michael Paquier <michael@paquier.xyz>, Shaun Thomas <shaun.thomas@enterprisedb.com>, pgsql-hackers@postgresql.org
Date: 2023-08-17T19:29:28Z
Lists: pgsql-hackers
Greetings, On Thu, Aug 17, 2023 at 15:23 Robert Haas <robertmhaas@gmail.com> wrote: > On Thu, Aug 17, 2023 at 12:54 PM Jacob Champion <jchampion@timescale.com> > wrote: > > On Thu, Aug 17, 2023 at 9:46 AM Stephen Frost <sfrost@snowman.net> > wrote: > > > Don't like 'skipped' but that feels closer. > > > > > > How about 'connection bypassed authentication'? > > > > Works for me; see v2. > > For what it's worth, my vote would be for "connection authenticated: > ... method=trust". I don’t have any particular objection to this language and agree that it’s actually closer to how we talk about the trust auth method in our documentation. Maybe if we decided to rework the documentation … or perhaps just ripped “trust” out entirely … but those are whole different things from what we are trying to accomplish here. Thanks, Stephen
Commits
-
Generate new LOG for "trust" connections under log_connections
- e48b19c5db31 17.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 cited