On 04/17/2016 09:28 PM, Bill Moran wrote:
> If you have a single line in the pg_hba.conf:
>
> hostssl all all 0.0.0.0/0 md5
>
> Attempting to log in with an incorrect password results in an
> error message about there not being a pg_hba.conf entry for the
> user.
>
> Reading carefully, the error message states that there's no
> pg_hba.conf for the user with **ssl off**.
>
> What I believe is happening, is that the pg connection libs
> first try to connect via ssl and get a password failed error,
> then fallback to trying to connect without ssl, and get a "no
> pg_hba.conf entry" error. The problem is that the second error
> masks the first one, hiding the real cause of the connection
> failure, and causing a lot of confusion.
>
> If we could keep both errors and report them both, I feel like
> it would be an improvement to our client library behavior.
I got both the messages when I tried this with psql. What did you do
when you only got the second message?
Output:
psql: FATAL: password authentication failed for user "andreas"
FATAL: no pg_hba.conf entry for host "127.0.0.1", user "andreas",
database "postgres", SSL off
Andreas
