When debugging strange and complex pg_hba lines, it can often be quite useful to know which line is matching a particular connection that failed for some reason. Because more often than not, it's actually not using the line in pg_hba.conf that's expected.
The easiest way to do this is to emit an errdetail for the login failure, per this patch. Question is - is that leaking information to the client that we shouldn't be leaking? And if it is, what would be the preferred way to deal with it? We could put that as a detail to basically every single error message coming out of the auth system, but that seems like a bad idea. Or we could make a separate ereport(LOG) before send it to the client, perhaps? Thoughts? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
hba_line.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
