tracking down breakins?

Started by Johnson, Shaunn | over 23 years ago | 3 messages | general
#1 Johnson, Shaunn
SJohnson6@bcbsm.com

Running PostgreSQL 7.2.1 on RedHat Linux 7.2

A similar question to what David Siebert was
asking - I am trying to locate users that are trying
to log in as someone else in PostgreSQL.

I have the postmaster running the debug with level 2
and when I review my logs, I see this:

[snip from logs]

Jan 6 09:11:46 test_srv postgres[30134]: [228919] FATAL 1: Password
authentication failed for user "Admin"

[/snip from logs]

How can I trace back *who* is trying to log in as 'Admin' and how
can I stop it? If I run debug on any higher level, the response is
much slower; perhaps there is another way?

Thanks!

-X

#2 Mike Mascari
mascarm@mascari.com
In reply to: Johnson, Shaunn (#1)
Re: tracking down breakins?

IIRC, Microsoft Access first attempts to use the userid associated with the current Access session (default 'Admin') when accessing data through ODBC linked tables.

FWIW,

Mike Mascari
mascarm@mascari.com

#3 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Johnson, Shaunn (#1)
Re: tracking down breakins?

"Johnson, Shaunn" <SJohnson6@bcbsm.com> writes:

> A similar question to what David Siebert was
> asking - I am trying to locate users that are trying
> to log in as someone else in PostgreSQL.

Again, I think log_connections is what you're looking for.

Note that a failed connection attempt is *not* necessarily a sign of
evil intent. For example, I believe that psql does not prompt the
user for a password unless its initial attempt to connect is rejected
by the server with a "password required" error. So you will see a
failed attempt and then a (hopefully) successful attempt a few seconds
later, whenever you are using password authentication.

regards, tom lane
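
One way to act on the two points in the reply above, as an added example that is not part of the thread: join each failed login to the client host logged under the same backend PID, then drop failures that are followed within seconds by a success from the same host and user (the psql prompt pattern). The function names, the sample lines and the `connection: host=... user=...` layout assumed for log_connections output are constructed for illustration; only the FATAL line follows the layout quoted in the first message.

```python
import re
from datetime import datetime, timedelta

# Constructed sample. The FATAL lines copy the layout quoted in the thread; the
# "connection:" layout is an assumption about what log_connections writes.
SAMPLE_LOG = """\
Jan  6 09:11:46 test_srv postgres[30134]: [1] DEBUG: connection: host=192.0.2.15 user=Admin database=sales
Jan  6 09:11:46 test_srv postgres[30134]: [2] FATAL 1: Password authentication failed for user "Admin"
Jan  6 09:12:03 test_srv postgres[30150]: [1] DEBUG: connection: host=192.0.2.40 user=shaunn database=sales
Jan  6 09:12:03 test_srv postgres[30150]: [2] FATAL 1: Password authentication failed for user "shaunn"
Jan  6 09:12:07 test_srv postgres[30151]: [1] DEBUG: connection: host=192.0.2.40 user=shaunn database=sales
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postgres\[(\d+)\]: \[\d+\] (.*)$")
CONN = re.compile(r"connection: host=(\S+) user=(\S+)")
FAIL = re.compile(r'FATAL.*authentication failed for user "([^"]+)"')
ASSUMED_YEAR = "2000"  # syslog timestamps carry no year; any fixed year works for deltas


def sessions(log_text):
    """Group lines by backend PID (assumes no PID reuse within the file)."""
    by_pid = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, pid, msg = m.groups()
        when = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
        s = by_pid.setdefault(pid, {"when": when, "host": None, "user": None, "failed": False})
        if c := CONN.search(msg):
            s["host"], s["user"] = c.groups()
        elif f := FAIL.search(msg):
            s["failed"], s["user"] = True, f.group(1)
    return by_pid


def unexplained_failures(log_text, retry_window=timedelta(seconds=30)):
    """Failed logins with no success from the same host and user inside retry_window."""
    all_s = list(sessions(log_text).values())
    flagged = []
    for s in (x for x in all_s if x["failed"]):
        retried_ok = any(
            not o["failed"] and o["host"] == s["host"] and o["user"] == s["user"]
            and timedelta(0) <= o["when"] - s["when"] <= retry_window
            for o in all_s
        )
        if not retried_ok:
            flagged.append((s["host"], s["user"], s["when"].strftime("%H:%M:%S")))
    return flagged
```

On the constructed sample only the `Admin` attempt from 192.0.2.15 is reported; the `shaunn` failure is discounted because the same host connects successfully four seconds later.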