Tatsuo Ishii <ishii@postgresql.org> writes:
> It seems psql(or libpq) connects to PostgreSQL twice when md5 auth is
> required. Here is a strace log on my Linux machine. Is there any
> reason for this? IMO frontend/backend protocol allows to send salt
> after receiving AuthenticationMD5Password using the same socket. So
> there's no reason to close the socket and make it again. It seems to
> be just waste of resource.
The sequence of events is
1. psql attempts connection
2. libpq receives md5 challenge, realizes it doesn't have password, fails
3. psql collects password from user, tries again
4. libpq successfully makes connection
AFAICS the only alternatives to two connections are
(A) Have psql demand a password from the user before it knows whether
one is needed. Nonstarter for obvious reasons.
(B) Complicate the libpq API to the point where a partially open
connection could be held onto while we ask for a password. Very
messy, and could fail anyway if user takes more than auth_timeout
to enter the password, or enters the wrong password first time.
Two connections are not really a problem IMO, so I would not be in favor
of kluging the API to the extent required by solution (B).
regards, tom lane
