Re: Bad error message on valuntil

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Bad error message on valuntil
Date: 2013-06-08 18:38:28
Message-ID: 51B37A24.3040509@commandprompt.com
Lists: pgsql-hackers


On 06/07/2013 12:31 PM, Tom Lane wrote:
> "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
>> On 06/07/2013 11:57 AM, Tom Lane wrote:
>>> I think it's intentional that we don't tell the *client* that level of
>>> detail.
>
>> Why? That seems rather silly.
>
> The general policy on authentication failure reports is that we don't
> tell the client anything it doesn't know already about what the auth
> method is. We can log additional info into the postmaster log if it

I was looking at the code and I saw this catchall:

    default:
        errstr = gettext_noop("authentication failed for user \"%s\": invalid authentication method");
        break;

I think we could make the argument that if valuntil is expired that the
authentication method is invalid. Thoughts?

Else I am trying to come up with some decent wording... something like:

Authentication failed: not all authentication tokens were met

?
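
Added example, not part of the original message or the PostgreSQL source: a C sketch of the policy quoted above, where every failure returns the same client message and the specific reason (including an expired valuntil) goes only to the server log. The role_rec and auth_report types, check_password_auth, and the sample roles are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Constructed role record; fields are illustrative, not pg_authid's layout. */
typedef struct {
    const char *name;
    const char *secret;      /* stand-in for a stored password verifier */
    time_t      valid_until; /* 0 means no expiry */
} role_rec;

typedef struct {
    char client_msg[128];    /* returned to the connecting client */
    char log_detail[128];    /* written to the server log only */
} auth_report;

/* Returns 0 on success, -1 on failure. Every failure yields the same
 * client_msg; only log_detail records which check rejected the login. */
int check_password_auth(const role_rec *roles, size_t nroles, const char *user,
                        const char *secret, time_t now, auth_report *out)
{
    const role_rec *r = NULL;
    const char *why;
    for (size_t i = 0; i < nroles; i++)
        if (strcmp(roles[i].name, user) == 0) r = &roles[i];
    out->client_msg[0] = out->log_detail[0] = '\0';
    if (r == NULL)
        why = "role does not exist";
    else if (strcmp(r->secret, secret) != 0)
        why = "password does not match";
    else if (r->valid_until != 0 && r->valid_until < now)
        why = "password has expired (valuntil)";
    else
        return 0;
    snprintf(out->log_detail, sizeof out->log_detail, "%s: %s", user, why);
    snprintf(out->client_msg, sizeof out->client_msg,
             "password authentication failed for user \"%s\"", user);
    return -1;
}

int main(void)
{
    /* Constructed sample: alice's password expired at t=1000. */
    role_rec roles[] = { {"alice", "s3cret", 1000}, {"bob", "hunter2", 0} };
    auth_report rep;
    if (check_password_auth(roles, 2, "alice", "s3cret", 2000, &rep) != 0)
        printf("client: %s\nlog:    %s\n", rep.client_msg, rep.log_detail);
    return 0;
}
```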
