Re: Better auth errors from libpq

On Fri, Sep 12, 2008 at 08:53:39AM +0100, Gregory Stark wrote:
>
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
>
> > Joshua Drake <jd(at)commandprompt(dot)com> writes:
> >> I think something like:
> >
> >> psql: FATAL: Ident authentication failed for user "root"
> >> HINT: http://www.postgresql.org/docs/8.3/static/client-authentication.html
> >
> >> Would be nice.
> ...
> >
> > Or to put it even more baldly: this is not an area in which you
> > can improve matters significantly with five minutes' thought and a
> > one-line patch. It would take some actual work.
>
> Actually I think there is a problem with the original message that
> could be improved. The problem is that "Ident" is a
> Postgres-specific term that a newbie DBA is unlikely to understand.
> What's worse it's an ambiguous term that is easily misunderstood to
> refer to the rfc1413 ident protocol which Postgres might or might
> not be using.

For "Ident" auth, we need to split that functionality into two
separate pieces: socket and network, and add descriptive error
messages for each.

> I would suggest instead describing it using more generic terminology
> though offhand I'm not sure what that would be. A detail line could
> include the Postgres-specific authentication method which failed.

Excellent idea :)

> I do think it's true that the pg_hba setup is far more complex than
> it has to be and that that's a bigger problem than a simple error
> message too.

Agreed. Any ideas as to how we might address this?

Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate