Re: Proposal: Save user's original authenticated identity for logging
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Jacob Champion <pchampion@vmware.com>
Cc: "magnus@hagander.net" <magnus@hagander.net>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2021-02-01T23:40:13Z
Lists: pgsql-hackers
Greetings, * Jacob Champion (pchampion@vmware.com) wrote: > On Mon, 2021-02-01 at 18:01 -0500, Stephen Frost wrote: > > Ok.. but what's 'go' mean here? We already have views and such for GSS > > and SSL, is the idea to add another view for LDAP and add in columns > > that are returned by pg_stat_get_activity() which are then pulled out by > > that view? Or did you have something else in mind? > > Magnus suggested a function like pg_get_authenticated_identity(), which > is what I was thinking of when I said that. I'm not too interested in > an LDAP-specific view, and I don't think anyone so far has asked for > that. > > My goal is to get this one single point of reference, for all of the > auth backends. The LDAP mapping conversation is separate. Presumably this would be the DN for SSL then..? Not just the CN? How would the issuer DN be included? And the serial? Thanks, Stephen
Commits
-
Add missing $Test::Builder::Level settings
- 73aa5e0cafd0 15.0 landed
- e536a2683439 14.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 landed
-
Fix some issues with SSL and Kerberos tests
- 5a71964a832f 14.0 landed
-
Refactor all TAP test suites doing connection checks
- c50624cdd248 14.0 landed