| From: | Amit Langote <amitlangote09(at)gmail(dot)com> |
|---|---|
| To: | Raghavendra <raghavendra(dot)rao(at)enterprisedb(dot)com> |
| Cc: | Postgres General <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: PAM implementation in PG 9.2.3 |
| Date: | 2013-05-08 11:25:53 |
| Message-ID: | CA+HiwqEC6wTqMD6DHi8hxmmTKVm5F0vn2AYyRwjdy42GoUpNrg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello Raghavendra,
I think probably psql is a problem here. WIthout -W (force password
before connect) option psql has no way knowing if this user needs a
password to connect to the given database. So, psql first attempts a
connection to the database without a password (if -W is not
specified), which fails since server responds with "password needed"
kind of message back to psql (this is because we have set 'pam' as the
authentication method). This makes psql know that a password is needed
for this user/database combination and it prompts for the password and
subsequently connects successfully if correct password is specified.
But this first unsuccessful attempt is indeed logged by the server as
authentication failure just as what you see. So, this logged failure
is just the kind of dummy connection attempt (indeed withoutn
password) made by the psql.
However, if you specify -W option, psql won't connect before it
accepts password. You can try this (and see that no authentication
failure is logged)
I think log entries just mean the authentication has failed with
PAM-specific error message.
--
Amit Langote
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Seref Arikan | 2013-05-08 13:40:49 | Does it make sense to break a large query into separate functions? |
| Previous Message | Johann Spies | 2013-05-08 11:21:30 | Design advice requested |