diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index c4b9971a20..d8b31d94f3 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -230,7 +230,10 @@ hostnogssenc database userreplication specifies that the record
matches if a physical replication connection is requested (note that
- replication connections do not specify any particular database).
+ replication connections do not specify any particular database), but
+ it does not match logical replication connections that specify
+ replication=database and a dbname
+ in their connection string.
Otherwise, this is the name of
a specific PostgreSQL database.
Multiple database names can be supplied by separating them with
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 545635f41a..baa0712c0f 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -417,7 +417,7 @@ ClientAuthentication(Port *port)
#endif
_("no encryption");
- if (am_walsender)
+ if (am_walsender && !am_db_walsender)
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
/* translator: last %s describes encryption state */
@@ -484,7 +484,7 @@ ClientAuthentication(Port *port)
gai_strerror(port->remote_hostname_errcode)) : \
0))
- if (am_walsender)
+ if (am_walsender && !am_db_walsender)
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
/* translator: last %s describes encryption state */