Re: Proposal: Save user's original authenticated identity for logging

From: Jacob Champion <pchampion(at)vmware(dot)com>
To: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Cc: "stark(at)mit(dot)edu" <stark(at)mit(dot)edu>, "magnus(at)hagander(dot)net" <magnus(at)hagander(dot)net>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Subject: Re: Proposal: Save user's original authenticated identity for logging
Date: 2021-02-11 20:32:45
Message-ID: 2870147caa759155c5c8a232bbd2399f41f76491.camel@vmware.com
Lists: pgsql-hackers

On Mon, 2021-02-08 at 23:35 +0000, Jacob Champion wrote:
> Note that I haven't compiled or tested on
> Windows and BSD yet, so the SSPI and BSD auth changes are eyeballed for
> now.

I've now tested on both.

> - For the SSPI auth method, I pick the format of the identity string
> based on the compatibility mode: "DOMAIN\user" when using compat_realm,
> and "user@DOMAIN" otherwise. For Windows DBAs, is this a helpful way to
> visualize the identity, or should I just stick to one format?

After testing on Windows, I think switching formats based on
compat_realm is a good approach. For users not on a domain, the
MACHINE\user format is probably more familiar than user@MACHINE.
Inversely, users on a domain probably want to see the modern
user@DOMAIN instead.

v2 just updates the patchset to remove the Windows TODO and fill in the
patch notes; no functional changes. The question about escaping log
contents remains.

--Jacob

Attachments:
  v2-0001-prep-test-kerberos-only-search-forward-in-logs.patch (text/x-patch, 1.9 KB)
  v2-0002-prep-add-port-peer_dn.patch (text/x-patch, 3.1 KB)
  v2-0003-Log-authenticated-identity-from-all-auth-backends.patch (text/x-patch, 28.7 KB)
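
For anyone reading these identity strings back out of server logs, the following is an added example, not part of the patchset or of the original message. It is a hypothetical `parse_logged_identity` helper that accepts the two SSPI formats discussed above and keeps track of which one was seen. Rejecting control characters is an assumption made for this example, since the thread leaves the log-escaping question open.

```python
import re

# Hypothetical helper for log consumers; the names here are not from the patchset.
# Control characters are rejected so that a value containing a newline cannot be
# mistaken for a clean identity (assumption: the logged value is not yet escaped).
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def parse_logged_identity(identity):
    """Split an SSPI identity string into (user, realm, style).

    style is "realm_backslash_user" for the compat_realm form ("DOMAIN\\user")
    and "user_at_realm" for the other form ("user@DOMAIN"). The realm text in
    the two styles can be different names for the same domain, so callers
    should keep the style next to the realm rather than compare realms blindly.
    """
    if _CONTROL.search(identity):
        raise ValueError("control character in identity string")

    has_backslash = "\\" in identity
    has_at = "@" in identity
    if has_backslash and has_at:
        # Fits both formats; refuse to guess which separator is the real one.
        raise ValueError("ambiguous identity string")

    if has_backslash:
        if identity.count("\\") != 1:
            raise ValueError("more than one backslash in identity string")
        realm, _, user = identity.partition("\\")
        style = "realm_backslash_user"
    elif has_at:
        # Split on the last "@" so the realm is always the final component.
        user, _, realm = identity.rpartition("@")
        style = "user_at_realm"
    else:
        raise ValueError("identity string has no realm separator")

    if not user or not realm:
        raise ValueError("empty user or realm")
    return user, realm, style


if __name__ == "__main__":
    # Constructed sample values, not taken from real logs.
    for sample in ("MACHINE\\alice", "alice@EXAMPLE.COM"):
        print(sample, "->", parse_logged_identity(sample))
```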
