From: | Jacob Champion <pchampion(at)vmware(dot)com> |
---|---|
To: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Cc: | "stark(at)mit(dot)edu" <stark(at)mit(dot)edu>, "magnus(at)hagander(dot)net" <magnus(at)hagander(dot)net>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: Proposal: Save user's original authenticated identity for logging |
Date: | 2021-02-11 20:32:45 |
Message-ID: | 2870147caa759155c5c8a232bbd2399f41f76491.camel@vmware.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, 2021-02-08 at 23:35 +0000, Jacob Champion wrote:
> Note that I haven't compiled or tested on
> Windows and BSD yet, so the SSPI and BSD auth changes are eyeballed for
> now.
I've now tested on both.
> - For the SSPI auth method, I pick the format of the identity string
> based on the compatibility mode: "DOMAIN\user" when using compat_realm,
> and "user(at)DOMAIN" otherwise. For Windows DBAs, is this a helpful way to
> visualize the identity, or should I just stick to one format?
After testing on Windows, I think switching formats based on
compat_realm is a good approach. For users not on a domain, the
MACHINE\user format is probably more familiar than user(at)MACHINE(dot)
Inversely, users on a domain probably want to see the modern
user(at)DOMAIN instead.
v2 just updates the patchset to remove the Windows TODO and fill in the
patch notes; no functional changes. The question about escaping log
contents remains.
--Jacob
Attachment | Content-Type | Size |
---|---|---|
v2-0001-prep-test-kerberos-only-search-forward-in-logs.patch | text/x-patch | 1.9 KB |
v2-0002-prep-add-port-peer_dn.patch | text/x-patch | 3.1 KB |
v2-0003-Log-authenticated-identity-from-all-auth-backends.patch | text/x-patch | 28.7 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Thomas Munro | 2021-02-11 21:03:55 | Re: Detecting pointer misalignment (was Re: pgsql: Implementation of subscripting for jsonb) |
Previous Message | Tom Lane | 2021-02-11 20:23:31 | Re: parse mistake in ecpg connect string |