On Thu, Mar 25, 2021 at 03:54:10PM +0000, Jacob Champion wrote: > It looks like the code paths that lead to a doomed authentication > already provide their own, more specific, logdetail (role doesn't > exist, role has no password, role doesn't have a SCRAM secret, etc.).
Yes, you are right here. I missed the parts before mock_scram_secret() gets called and there are comments in the whole area. Hmm, at the end of the day, I think that would just have verify_client_proof() fill in logdetail when the client proof does not match, and use a wording different than what's proposed upthread to outline that this is a client proof mismatch. -- Michael
signature.asc
Description: PGP signature
