Re: Logging of PAM Authentication Failure

> auth_failed() in src/backend/libpq/auth.c intentionally logs nothing for
> STATUS_EOF status (ie, client closed the connection without responding).
> But it looks like the PAM code path doesn't have a way to return that
> status code, even when pam_passwd_conv_proc() knows that that's what
> happened, and intentionally printed no log message itself (around line
> 1870 in HEAD).  If there's another response code we could return through
> the PAM layer, this could be fixed, and I think it should be.

So if I get this correctly, does this mean the only thing that needs
to be fixed is unnecessary logging or is there a problem with
authentication exchange itself in case of PAM? Also, when you say PAM
layer, is that pam_passwd_conv_proc() that needs to be able to return
an alternative status code?


--
Amit Langote