Magnus Hagander <mag...@hagander.net> writes: > When debugging strange and complex pg_hba lines, it can often be quite > useful to know which line is matching a particular connection that > failed for some reason. Because more often than not, it's actually not > using the line in pg_hba.conf that's expected.
> The easiest way to do this is to emit an errdetail for the login > failure, per this patch. > Question is - is that leaking information to the client that we > shouldn't be leaking? Yes. > And if it is, what would be the preferred way to deal with it? Report to the postmaster log only. errdetail_log should do. BTW, are you sure that auth_failed is only called in cases where an hba line has already been identified? Even if true today, it seems fairly risky to assume that. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers