| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Jacob Champion <pchampion(at)vmware(dot)com> |
| Cc: | "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "rjuju123(at)gmail(dot)com" <rjuju123(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de> |
| Subject: | Re: [PATCH] Expose port->authn_id to extensions and triggers |
| Date: | 2022-03-02 07:09:48 |
| Message-ID: | Yh8YPDWBFoM0puXz@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Mar 01, 2022 at 10:03:20PM +0000, Jacob Champion wrote:
> Added a first draft in v5, alongside the perltidy fixups mentioned by
> Michael.
+ The authenticated identity is an immutable identifier for the user
+ presented during the connection handshake; the exact format depends on
+ the authentication method in use. (For example, when using the
+ <literal>scram-sha-256</literal> auth method, the authenticated identity
+ is simply the username. When using the <literal>cert</literal> auth
+ method, the authenticated identity is the Distinguished Name of the
+ client certificate.) Even for auth methods which use the username as
+ the authenticated identity, this function differs from
+ <literal>session_user</literal> in that its return value cannot be
+ changed after login.
That looks enough seen from here. Thanks!
Nit: "auth method" would be a first in the documentation, so this had
better be "authentication method". (No need to send an updated patch
just for that).
So, any comments and/or opinions from others?
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2022-03-02 07:09:57 | Re: Design of pg_stat_subscription_workers vs pgstats |
| Previous Message | Kyotaro Horiguchi | 2022-03-02 07:07:16 | Re: Add the replication origin name and commit-LSN to logical replication worker errcontext |