| From: | Christian Ullrich <chris(at)chrullrich(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Bad error message on valuntil |
| Date: | 2013-06-10 19:00:10 |
| Message-ID: | kp57o9$io4$1@ger.gmane.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane wrote:
> it supposes that rolvaliduntil represents an expiration date for the
> user, but really it's only an expiration date for the password.)
Does anyone think the docs for CREATE ROLE/VALID UNTIL should mention
this more clearly? Currently, it is described as
The VALID UNTIL clause sets a date and time after which the
role's password is no longer valid. If this clause is omitted
the password will be valid for all time.
This is entirely correct, but I think it could be made clearer by adding
a sentence like "This clause does not apply to authentication methods
that do not involve a password, such as trust, ident, and GSSAPI."
And at the top of section 19.3 (Authentication Methods): "Time
restrictions for the logon of users controlled by an external
authentication service, such as GSSAPI or PAM, can be imposed by that
service only, not by PostgreSQL itself."
--
Christian
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Josh Berkus | 2013-06-10 19:03:19 | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken |
| Previous Message | Josh Berkus | 2013-06-10 18:59:22 | Re: Hard limit on WAL space used (because PANIC sucks) |