| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | Dhirendra Singh <dhirendraks(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-admin(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Question about cert authentication method. |
| Date: | 2022-11-27 18:15:43 |
| Message-ID: | CAMkU=1x3ovChrSkEks9juTM9uWfG3DLGQH+ERWQZn8Av+YDqBg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Sun, Nov 27, 2022 at 12:50 AM Dhirendra Singh <dhirendraks(at)gmail(dot)com>
wrote:
> Yes. My question is about the log message.
> Log message in the postmaster says...FATAL: certificate authentication
> failed for user "test (S114546)"
> But certificate authentication should pass because supplied user in the
> connection request and CN in certificate is same.
>
"certificate authentication" is the name for the overall process, and that
overall process did fail. The specific reason for the failure is given in
the server log (but intentionally not passed to the client): 'no match in
usermap "mymap"'.
It should fail afterwards with message that user "test (S114546)" does not
> exist
>
It can't get far enough to fail for that reason, because the usermap
failure squashes it first. If you add a mapping for that non-existent user
(or just stop using a map) then you will get an error about the user not
existing.
Cheers,
Jeff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ron | 2022-11-27 21:23:22 | Re: Disable unique constraint in Postgres |
| Previous Message | Scott Ribe | 2022-11-27 16:58:54 | Re: Disable unique constraint in Postgres |