| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
| Cc: | Dhirendra Singh <dhirendraks(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Question about cert authentication method. |
| Date: | 2022-11-25 15:48:26 |
| Message-ID: | 4056953.1669391306@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> On Fri, 2022-11-25 at 15:36 +0530, Dhirendra Singh wrote:
>> I am expecting the connection to fail because user "test (S114546) does not exist. but i am confused about the error message in the server log.
>> It says certificate authentication failed for user "test (S114546)". but CN in the certificate matches with the user name in psql connection request.
>> So certificate authentication should pass. It should fail afterwards.
> Well, "test" is different from "test (S114546)", so what do you expect?
I think the OP is complaining about the message contents, not the
fact of the failure. However, it's intentional that the message sent
to the client is vague about the exact cause of an authentication
failure. Otherwise we might be giving aid to a blackhat trying to
break into the server. The postmaster log is supposed to be more
specific, and it looks to me like what's in the log is accurate.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dhirendra Singh | 2022-11-27 05:49:49 | Re: Question about cert authentication method. |
| Previous Message | Norbert Poellmann | 2022-11-25 13:00:06 | Re: Disable unique constraint in Postgres |