On Thu, Dec 16, 2010 at 16:22, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Tatsuo Ishii <ishii@postgresql.org> writes:
>> It seems psql(or libpq) connects to PostgreSQL twice when md5 auth is
>> required. Here is a strace log on my Linux machine. Is there any
>> reason for this? IMO frontend/backend protocol allows to send salt
>> after receiving AuthenticationMD5Password using the same socket. So
>> there's no reason to close the socket and make it again. It seems to
>> be just waste of resource.
>
> The sequence of events is
>
> 1. psql attempts connection
> 2. libpq receives md5 challenge, realizes it doesn't have password, fails
> 3. psql collects password from user, tries again
> 4. libpq successfully makes connection
>
> AFAICS the only alternatives to two connections are
>
> (A) Have psql demand a password from the user before it knows whether
> one is needed. Nonstarter for obvious reasons.
>
> (B) Complicate the libpq API to the point where a partially open
> connection could be held onto while we ask for a password. Very
> messy, and could fail anyway if user takes more than auth_timeout
> to enter the password, or enters the wrong password first time.
>
> Two connections are not really a problem IMO, so I would not be in favor
> of kluging the API to the extent required by solution (B).
(B) could be as simple as a callback asking for it, though, couldn't
it? That seems a lot simpler (at least in the API) than trying to
support hanging on to half-connected connections.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/