On Wed, May 8, 2013 at 4:55 PM, Amit Langote
<amitlangote09@gmail.com> wrote:
Hello Raghavendra,
I think probably psql is a problem here. WIthout -W (force password
before connect) option psql has no way knowing if this user needs a
password to connect to the given database. So, psql first attempts a
connection to the database without a password (if -W is not
specified), which fails since server responds with "password needed"
kind of message back to psql (this is because we have set 'pam' as the
authentication method). This makes psql know that a password is needed
for this user/database combination and it prompts for the password and
subsequently connects successfully if correct password is specified.
But this first unsuccessful attempt is indeed logged by the server as
authentication failure just as what you see. So, this logged failure
is just the kind of dummy connection attempt (indeed withoutn
password) made by the psql.
Firstly, Thank you for your insight explanation.
However, if you specify -W option, psql won't connect before it
accepts password. You can try this (and see that no authentication
failure is logged)
Affirmative, I have tried with -W option and it worked as expected and authentication passed as per PAM setup.
However, PG documentation doesn't highlight about this in psql or PAM section, because log entries written are slightly confusing.
I think log entries just mean the authentication has failed with
PAM-specific error message.
Yep... understood.
--
Amit Langote