Can we improve this error message?
Here's an interesting scenario I happened across recently.
If you have a single line in the pg_hba.conf:
hostssl all all 0.0.0.0/0 md5
Attempting to log in with an incorrect password results in an
error message about there not being a pg_hba.conf entry for the
user.
Reading carefully, the error message states that there's no
pg_hba.conf for the user with **ssl off**.
What I believe is happening, is that the pg connection libs
first try to connect via ssl and get a password failed error,
then fallback to trying to connect without ssl, and get a "no
pg_hba.conf entry" error. The problem is that the second error
masks the first one, hiding the real cause of the connection
failure, and causing a lot of confusion.
If we could keep both errors and report them both, I feel like
it would be an improvement to our client library behavior.
--
Bill Moran
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On 04/17/2016 09:28 PM, Bill Moran wrote:
If you have a single line in the pg_hba.conf:
hostssl all all 0.0.0.0/0 md5
Attempting to log in with an incorrect password results in an
error message about there not being a pg_hba.conf entry for the
user.Reading carefully, the error message states that there's no
pg_hba.conf for the user with **ssl off**.What I believe is happening, is that the pg connection libs
first try to connect via ssl and get a password failed error,
then fallback to trying to connect without ssl, and get a "no
pg_hba.conf entry" error. The problem is that the second error
masks the first one, hiding the real cause of the connection
failure, and causing a lot of confusion.If we could keep both errors and report them both, I feel like
it would be an improvement to our client library behavior.
I got both the messages when I tried this with psql. What did you do
when you only got the second message?
Output:
psql: FATAL: password authentication failed for user "andreas"
FATAL: no pg_hba.conf entry for host "127.0.0.1", user "andreas",
database "postgres", SSL off
Andreas
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Andreas Karlsson <andreas@proxel.se> writes:
On 04/17/2016 09:28 PM, Bill Moran wrote:
What I believe is happening, is that the pg connection libs
first try to connect via ssl and get a password failed error,
then fallback to trying to connect without ssl, and get a "no
pg_hba.conf entry" error. The problem is that the second error
masks the first one, hiding the real cause of the connection
failure, and causing a lot of confusion.
I got both the messages when I tried this with psql. What did you do
when you only got the second message?
Maybe Bill tried it with a rather old libpq? This rings a bell
as being something we fixed awhile back.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
On Apr 26, 2016 4:41 AM, "Tom Lane" <tgl@sss.pgh.pa.us> wrote:
Andreas Karlsson <andreas@proxel.se> writes:
On 04/17/2016 09:28 PM, Bill Moran wrote:
What I believe is happening, is that the pg connection libs
first try to connect via ssl and get a password failed error,
then fallback to trying to connect without ssl, and get a "no
pg_hba.conf entry" error. The problem is that the second error
masks the first one, hiding the real cause of the connection
failure, and causing a lot of confusion.I got both the messages when I tried this with psql. What did you do
when you only got the second message?Maybe Bill tried it with a rather old libpq? This rings a bell
as being something we fixed awhile back.
Yeah, libpq used to keep just one error message. Iirc, this was changed
quite long ago though, but I guess if it's a really old libpq..
/Magnus
Import Notes
Reply to msg id not found: CABUevEyYP_LXf3Q4GbapxzH2Z3+SVR_DY4iwRmYLwA7vRgX-Q@mail.gmail.com