Home > mailing lists

Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

From	Michael Paquier
Subject	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
Date	August 21, 2023 02:57:55
Msg-id	ZOKogxFDNYwwbS27@paquier.xyz Whole thread Raw
In response to	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue (Michael Paquier <michael@paquier.xyz>)
Responses	Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue
List	pgsql-hackers

Tree view

On Fri, Aug 18, 2023 at 08:49:16AM +0900, Michael Paquier wrote:
> After sleeping on it, I think that I'd just agree with Robert's point
> to just use the same language as the message, while also agreeing with
> the patch to not set MyClientConnectionInfo.authn_id in the uaTrust
> case, only logging something under log_connections.
>
> +        * No authentication was actually performed; this happens e.g. when the
> +        * trust method is in use.
>
> This comment should be reworded a bit, say "No authentication identity
> was set; blah ..".

Attached is a v3 to do these two things, with adjustments for two SSL
tests.  Any objections about it?

(Note: no backpatch)
--
Michael

Attachment

pgsql-hackers by date:

From: Peter Geoghegan
Date: 21 August 2023, 01:42:39
Subject: Re: POC, WIP: OR-clause support for indexes

From: Peter Smith
Date: 21 August 2023, 03:04:05
Subject: Re: Adding a LogicalRepWorker type field

Re: Logging of matching pg_hba.conf entry during auth skips trust auth, potential security issue - Mailing list pgsql-hackers

Attachment

Previous

Next