Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Michael Paquier <michael@paquier.xyz>
From: Michael Paquier <michael@paquier.xyz>
To: Jacob Champion <jchampion@timescale.com>
Cc: Stephen Frost <sfrost@snowman.net>, Robert Haas <robertmhaas@gmail.com>, Shaun Thomas <shaun.thomas@enterprisedb.com>, pgsql-hackers@postgresql.org
Date: 2023-08-21T23:22:36Z
Lists: pgsql-hackers
Attachments
- v4-0001-log_connections-add-entries-for-trust-connections.patch (text/x-diff) patch v4-0001
On Mon, Aug 21, 2023 at 10:49:16AM -0700, Jacob Champion wrote: > On Sun, Aug 20, 2023 at 4:58 PM Michael Paquier <michael@paquier.xyz> wrote: > > Attached is a v3 to do these two things, with adjustments for two SSL > > tests. Any objections about it? > > (Sorry for the long weekend delay.) No objections; you may want to > adjust the comment above the test block in t/001_password.pl, as well. There are additionally two more comments in the SSL tests that could be removed, I guess. Here's a v4, with Robert's latest suggestion added. > I will ask -- more as a rhetorical question than something to resolve > for this patch, since the topic is going to come back with a vengeance > for OAuth -- what purpose the consistency here is serving. If the OP > wants to notice when a connection that should be using strong > authentication is not, is it helpful to make that connection "look the > same" in the logs? I understand we've been carrying the language > "trust authentication method" for a long time, but is that really the > only hang-up, or would there be pushback if I tried to change that > too, sometime in the future? I am not sure that we need to change this historic term, TBH. Perhaps it would be shorter to just rip off the trust method from the tree with a deprecation period but that's not something I'm much in favor off either (I use it daily for my own stuff, as one example). Another, more conservative approach may be to make it a developer-only option and discourage more its use in the docs. -- Michael
Commits
-
Generate new LOG for "trust" connections under log_connections
- e48b19c5db31 17.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 cited