Re: BUG #15520: PAM authentication + domain socket -> DNS query for symbolic hostname [local]

On Tue, Nov 27, 2018 at 1:39 PM Thomas Munro
<thomas(dot)munro(at)enterprisedb(dot)com> wrote:
> On Tue, Nov 27, 2018 at 3:02 AM Peter Eisentraut
> <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> > On 25/11/2018 23:30, Thomas Munro wrote:
> > > $ psql -h localhost postgres munro
> > > PAM_USER=munro, PAM_RHOST=localhost
> > > $ psql postgres munro
> > > PAM_USER=munro, PAM_RHOST=
> >
> > I think this is the right thing to do.
> >
> > About your patch, if we're not going to set PAM_RHOST, then we should
> > also avoid the call to pg_getnameinfo_all() earlier in CheckPAMAuth().
> > Look at the original patch linked earlier in the thread; we just need to
> > put if statements around both of those hunks.
>
> Thanks for the review. Right. Here's a new version that moves both
> things under the same if, and refactors a long line to fit in passing.

Pushed, and back-patched to 9.6. I wondered whether a documentation
change was warranted, but the special "[local]" value wasn't
documented in the first place, and it shouldn't really surprise anyone
that there is no remote host information for a local connection. A
release note about the change seems sufficient.

Thanks for the report.

--
Thomas Munro
http://www.enterprisedb.com