On Tue, Feb 16, 2021 at 10:40 PM Paul Martinez <paul...@google.com> wrote: > > On Tue, Feb 16, 2021 at 2:22 AM Amit Kapila <amit.kapil...@gmail.com> wrote: > > > > I don't think we need to update the error messages, it makes the code > > a bit difficult to parse without much benefit. How about just adding > > errdetail? See attached and let me know what you think? > > > > Yeah, I think that looks good. Thanks! >
Okay, I think normally it might not be a good idea to expose additional information about authentication failure especially about pg_hba so as to reduce the risk of exposing information to potential attackers but in this case, it appears to me that it would be helpful for users. Just in case someone else has any opinion, for logical replication connection failures, the messages before and after fix would be: Before fix ERROR: could not connect to the publisher: connection to server at "localhost" (::1), port 5432 failed: FATAL: pg_hba.conf rejects replication connection for host "::1", user "KapilaAm", no encryption After fix error: ERROR: could not connect to the publisher: connection to server at "localhost" (::1), port 5432 failed: FATAL: pg_hba.conf rejects connection for host "::1", user "KapilaAm", database "postgres", no encryption DETAIL: Logical replication connections do not match pg_hba.conf rules using the "replication" keyword. Does anyone see a problem with the DETAIL message or the change of error message (database name appears in the new message) in this case? Attached patch with the updated commit message. -- With Regards, Amit Kapila.
pg_hba_conf_error_message_patch_v03.patch
Description: Binary data
