On Thu, Sep 11, 2008 at 11:28:36PM -0400, Tom Lane wrote:
> Joshua Drake <[EMAIL PROTECTED]> writes:
> > I think something like:
>
> > psql: FATAL: Ident authentication failed for user "root"
> > HINT: http://www.postgresql.org/docs/8.3/static/client-authentication.html
>
> > Would be nice.
>
> Do you really think that's helpful in the typical case where someone
> fat-fingered their password?
>
> I'm not averse to hint messages that are actually helpful, ie,
> reasonably connected to the *specific* failure situation. The problem
> I've got with David's proposal is that it provides a one-size-fits-all
> hint for every possible auth failure. One size does not fit all here.
Here's a few different sizes: one for each auth method.
Cheers,
David.
--
David Fetter <[EMAIL PROTECTED]> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: [EMAIL PROTECTED]
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /projects/cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.167
diff -c -r1.167 auth.c
*** src/backend/libpq/auth.c 1 Aug 2008 11:41:12 -0000 1.167
--- src/backend/libpq/auth.c 12 Sep 2008 03:51:29 -0000
***************
*** 197,202 ****
--- 197,203 ----
auth_failed(Port *port, int status)
{
const char *errstr;
+ const char *hintstr;
/*
* If we failed due to EOF from client, just quit; there's no point in
***************
*** 215,259 ****
{
case uaReject:
errstr = gettext_noop("authentication failed for user
\"%s\": host rejected");
break;
case uaKrb5:
errstr = gettext_noop("Kerberos 5 authentication failed
for user \"%s\"");
break;
case uaGSS:
errstr = gettext_noop("GSSAPI authentication failed for
user \"%s\"");
break;
case uaSSPI:
errstr = gettext_noop("SSPI authentication failed for
user \"%s\"");
break;
case uaTrust:
errstr = gettext_noop("\"trust\" authentication failed
for user \"%s\"");
break;
case uaIdent:
errstr = gettext_noop("Ident authentication failed for
user \"%s\"");
break;
case uaMD5:
case uaCrypt:
case uaPassword:
errstr = gettext_noop("password authentication failed
for user \"%s\"");
break;
#ifdef USE_PAM
case uaPAM:
errstr = gettext_noop("PAM authentication failed for
user \"%s\"");
break;
#endif /* USE_PAM */
#ifdef USE_LDAP
case uaLDAP:
errstr = gettext_noop("LDAP authentication failed for
user \"%s\"");
break;
#endif /* USE_LDAP */
default:
errstr = gettext_noop("authentication failed for user
\"%s\": invalid authentication method");
break;
}
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
! errmsg(errstr, port->user_name)));
/* doesn't return */
}
--- 216,271 ----
{
case uaReject:
errstr = gettext_noop("authentication failed for user
\"%s\": host rejected");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html";);
break;
case uaKrb5:
errstr = gettext_noop("Kerberos 5 authentication failed
for user \"%s\"");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html#GSSAPI-AUTH";);
break;
case uaGSS:
errstr = gettext_noop("GSSAPI authentication failed for
user \"%s\"");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html#GSSAPI-AUTH";);
break;
case uaSSPI:
errstr = gettext_noop("SSPI authentication failed for
user \"%s\"");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html#SSPI-AUTH";);
break;
case uaTrust:
errstr = gettext_noop("\"trust\" authentication failed
for user \"%s\"");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html#TRUST-AUTH";);
break;
case uaIdent:
errstr = gettext_noop("Ident authentication failed for
user \"%s\"");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/client-authentication.html#AUTH-IDENT";);
break;
case uaMD5:
case uaCrypt:
case uaPassword:
errstr = gettext_noop("password authentication failed
for user \"%s\"");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PASSWORD";);
break;
#ifdef USE_PAM
case uaPAM:
errstr = gettext_noop("PAM authentication failed for
user \"%s\"");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PAM";);
break;
#endif /* USE_PAM */
#ifdef USE_LDAP
case uaLDAP:
errstr = gettext_noop("LDAP authentication failed for
user \"%s\"");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PAM";);
break;
#endif /* USE_LDAP */
default:
errstr = gettext_noop("authentication failed for user
\"%s\": invalid authentication method");
+ hintstr =
gettext_noop("http://www.postgresql.org/docs/current/static/auth-methods.html";);
break;
}
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
! errmsg(errstr, port->user_name),
! errhint(hintstr)));
/* doesn't return */
}
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
