| From: | Amit Langote <amitlangote09(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Logging of PAM Authentication Failure |
| Date: | 2013-05-09 02:40:24 |
| Message-ID: | CA+HiwqEsPO4E2xvN6Ey9ggvXN=KJc5WStVbBVGq7BscKQbV2tw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello,
When client authentication method is set to "pam" in pg_hba.conf,
connecting using psql results in logging of authentication failure
even before a password prompt is provided, nonetheless user is
subsequently able to connect by providing a password. Following is
what is logged:
Password: LOG: pam_authenticate failed: Conversation error
FATAL: PAM authentication failed for user "amit"
To see what's going on I debugged psql and found that without a -W
option, this is bound to happen, since psql first attempts to connect
and without a password (which it doesn't know is required for the
first time), it fails and subsequently prompts for password. Correct
password then leads to successful connection.
I tried to observe the behavior with md5 method (without -W) and
observed that no authentication failure is logged, since server
probably behaves differently in response to the psql's first
connection request in that case. But, pam method leads to it being
logged.
Is this a problem?
--
Amit Langote
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robins Tharakan | 2013-05-09 03:04:55 | Re: Add regression tests for ROLE (USER) |
| Previous Message | Tom Lane | 2013-05-09 02:14:15 | Re: Add regression tests for COLLATE |