Home > mailing lists

Re: Logging of PAM Authentication Failure - Mailing list pgsql-hackers

From	Amit Langote
Subject	Re: Logging of PAM Authentication Failure
Date	May 12, 2013 16:38:09
Msg-id	CA+HiwqGU6Vevw4aWkaUZJUgxb_9SjRYwypJpi5U+V7dD2gTmyQ@mail.gmail.com Whole thread Raw
In response to	Re: Logging of PAM Authentication Failure (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Logging of PAM Authentication Failure (Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp>)
List	pgsql-hackers

Tree view

> auth_failed() in src/backend/libpq/auth.c intentionally logs nothing for
> STATUS_EOF status (ie, client closed the connection without responding).
> But it looks like the PAM code path doesn't have a way to return that
> status code, even when pam_passwd_conv_proc() knows that that's what
> happened, and intentionally printed no log message itself (around line
> 1870 in HEAD).  If there's another response code we could return through
> the PAM layer, this could be fixed, and I think it should be.

So if I get this correctly, does this mean the only thing that needs
to be fixed is unnecessary logging or is there a problem with
authentication exchange itself in case of PAM? Also, when you say PAM
layer, is that pam_passwd_conv_proc() that needs to be able to return
an alternative status code?


--
Amit Langote

pgsql-hackers by date:

From: Fabien COELHO
Date: 12 May 2013, 09:59:43
Subject: Re: [PATCH] add long options to pgbench (submission 1)

From: Jim Nasby
Date: 13 May 2013, 02:18:27
Subject: Re: corrupt pages detected by enabling checksums

Re: Logging of PAM Authentication Failure - Mailing list pgsql-hackers

Previous

Next