Re: Proposal: Save user's original authenticated identity for logging

On Fri, 2021-01-29 at 17:30 -0500, Tom Lane wrote:
> What happens if ALTER USER RENAME is done while the session is still
> alive?

IMO the authenticated identity should be write-once. Especially since
one of my goals is to have greater auditability into events as they've
actually happened. So ALTER USER RENAME should have no effect.

This also doesn't really affect third-party auth methods. If I'm bound
as pchampion(at)EXAMPLE(dot)COM and a superuser changes my username to tlane,
you _definitely_ don't want to see my authenticated identity change to
tlane(at)EXAMPLE(dot)COM(dot) That's not who I am.

So the potential confusion would come into play with first-party authn.
From an audit perspective, I think it's worth it. I did authenticate as
pchampion, not tlane.

> More generally, exposing this in log_line_prefix seems like an awfully
> narrow-minded view of what people will want it for. I'd personally
> think pg_stat_activity a better place to look, for example.
> [...]
> Yeah, this seems like about the most expensive way that we could possibly
> choose to make the info available.

I'm happy as long as it's _somewhere_. :D It's relatively easy to
expose a single location through multiple avenues, but currently there
is no single location.

--Jacob