Here's an interesting scenario I happened across recently. If you have a single line in the pg_hba.conf:
hostssl all all 0.0.0.0/0 md5 Attempting to log in with an incorrect password results in an error message about there not being a pg_hba.conf entry for the user. Reading carefully, the error message states that there's no pg_hba.conf for the user with **ssl off**. What I believe is happening, is that the pg connection libs first try to connect via ssl and get a password failed error, then fallback to trying to connect without ssl, and get a "no pg_hba.conf entry" error. The problem is that the second error masks the first one, hiding the real cause of the connection failure, and causing a lot of confusion. If we could keep both errors and report them both, I feel like it would be an improvement to our client library behavior. -- Bill Moran -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
