Better detail logging for password auth failures

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-hackers(at)postgreSQL(dot)org
Subject: Better detail logging for password auth failures
Date: 2015-12-29 16:07:26
Message-ID: 595.1451405246@sss.pgh.pa.us
Lists: pgsql-hackers

We often tell people to look in the postmaster log for more information
about authentication problems; but an off-list question prompted me to
notice that many of the common authentication failure cases don't actually
get any useful commentary in the log. The attached proposed patch
remedies this by adding specific log detail messages for all the
non-out-of-memory cases processed by md5_crypt_verify(). Essentially,
this is just covering cases that I omitted to cover in commit 64e43c59,
for reasons that no longer seem very good to me.

I did not bother with going through the other auth methods in similar
detail. It seems like only password authentication is in use by people
who are in need of this kind of help. (But if someone else wants to do
something similar for other auth methods, feel free.)

In passing, the patch gets rid of a vestigial CHECK_FOR_INTERRUPTS()
call; it was added by e710b65c and IMO should have been removed again
by 6647248e. There's certainly no very good reason to have one right
at that spot anymore.

Any objections?

regards, tom lane

Attachment: more-password-log-info.patch (text/x-diff, 1.9 KB)
