Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Date
Msg-id ZNwA+xoZv9lwWqXy@paquier.xyz
Whole thread Raw
In response to Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue  (Jacob Champion <jchampion@timescale.com>)
Responses Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
List pgsql-hackers
On Tue, Aug 15, 2023 at 03:39:10PM -0700, Jacob Champion wrote:
> I'm not super comfortable with saying "connection authenticated" when
> it explicitly hasn't been (nor with switching the meaning of a
> non-NULL SYSTEM_USER from "definitely authenticated somehow" to "who
> knows; parse it apart to see"). But adding a log entry ("connection
> trusted:" or some such?) with the pointer to the HBA line that made it
> happen seems like a useful audit helper to me.

Yeah, thanks for confirming.  That's also the impression I get after
reading again the original thread and the idea of how this code path
is handled in this commit.

We could do something like a LOG "connection: method=%s user=%s
(%s:%d)", without the "authenticated" and "identity" terms from
set_authn_id().  Just to drop an idea.
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: Alvaro Herrera
Date:
Subject: Re: Would it be possible to backpatch Close support in libpq (28b5726) to PG16?
Next
From: Andy Fan
Date:
Subject: Re: Avoid a potential unstable test case: xmlmap.sql