Re: Proposal: Save user's original authenticated identity for logging
Jacob Champion <pchampion@vmware.com>
From: Jacob Champion <pchampion@vmware.com>
To: "michael@paquier.xyz" <michael@paquier.xyz>
Cc: "magnus@hagander.net" <magnus@hagander.net>, "stark@mit.edu" <stark@mit.edu>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>, "sfrost@snowman.net" <sfrost@snowman.net>, "tgl@sss.pgh.pa.us" <tgl@sss.pgh.pa.us>
Date: 2021-03-24T16:45:35Z
Lists: pgsql-hackers
Attachments
- v10-0001-ssl-store-client-s-DN-in-port-peer_dn.patch (text/x-patch) patch v10-0001
- v10-0002-Log-authenticated-identity-from-all-auth-backend.patch (text/x-patch) patch v10-0002
On Tue, 2021-03-23 at 14:21 +0900, Michael Paquier wrote: > I am not really sure that we need to bother about the ordering of the > entries here, as long as we check for all of them within the same > fragment of the log file, so I would just go down to the simplest > solution that I posted upthread that is enough to make sure that the > verbosity is protected. That's what we do elsewhere, like with > command_checks_all() and such. With low-coverage test suites, I think it's useful to allow as little strange behavior as possible -- in this case, printing authorization before authentication could signal a serious bug -- but I don't feel too strongly about it. v10 attached, which reverts to v8 test behavior, with minor updates to the commit message and test comment. --Jacob
Commits
-
Add missing $Test::Builder::Level settings
- 73aa5e0cafd0 15.0 landed
- e536a2683439 14.0 landed
-
Add some information about authenticated identity via log_connections
- 9afffcb833d3 14.0 landed
-
Fix some issues with SSL and Kerberos tests
- 5a71964a832f 14.0 landed
-
Refactor all TAP test suites doing connection checks
- c50624cdd248 14.0 landed