Logging of PAM Authentication Failure

From: Amit Langote <amitlangote09(at)gmail(dot)com>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Logging of PAM Authentication Failure
Date: 2013-05-09 02:40:24
Message-ID: CA+HiwqEsPO4E2xvN6Ey9ggvXN=KJc5WStVbBVGq7BscKQbV2tw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hello,

When client authentication method is set to "pam" in pg_hba.conf,
connecting using psql results in logging of authentication failure
even before a password prompt is provided, nonetheless user is
subsequently able to connect by providing a password. Following is
what is logged:

Password: LOG: pam_authenticate failed: Conversation error
FATAL: PAM authentication failed for user "amit"

To see what's going on I debugged psql and found that without a -W
option, this is bound to happen, since psql first attempts to connect
and without a password (which it doesn't know is required for the
first time), it fails and subsequently prompts for password. Correct
password then leads to successful connection.

I tried to observe the behavior with md5 method (without -W) and
observed that no authentication failure is logged, since server
probably behaves differently in response to the psql's first
connection request in that case. But, pam method leads to it being
logged.

Is this a problem?

--

Amit Langote

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robins Tharakan 2013-05-09 03:04:55 Re: Add regression tests for ROLE (USER)
Previous Message Tom Lane 2013-05-09 02:14:15 Re: Add regression tests for COLLATE