Tom, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost <sfr...@snowman.net> writes: > > What I think we really want here is logging of the general 'system > > user' for all auth methods instead of only for the 'peer' method. > > Well, we don't really know that except in a small subset of auth > methods. I agree that when we do know it, it's useful info to log.
Right. > My big beef with the proposed patch is that the log message is emitted > unconditionally. There are lots and lots of users who feel that during > normal operation, *zero* log messages should get emitted. Those villagers > would be on our doorsteps with pitchforks if we shipped this patch as-is. Agreed. > I would propose that this information should be emitted only when > log_connections is enabled, and indeed that it should be part of the > log_connections message not a separate message. So this leads to > thinking that somehow, the code for individual auth methods should > be able to return an "additional info" field for inclusion in > log_connections. We already have such a concept for auth failures, > cf commit 5e0b5dcab. Apologies if it wasn't clear, but that's exactly what I was suggesting by saying to add it to PerformAuthentication, which is where we emit the connection info when log_connections is enabled. > > ... and also make it available in pg_stat_activity. > > That's moving the goalposts quite a bit, and I'm not sure it's necessary > or even desirable. Let's just get this added to log_connections output, > and then see if there's field demand for more. This was in context of peer_cn, which is just a specific "system user" value and which we're already showing in pg_stat_* info tables. I'd love to have the Kerberos principal available, but I don't think it'd make sense to have a 'pg_stat_kerberos' just for that. I agree that it's moving the goalposts for this patch and could be an independent patch, but I don't see it as any different, from a desirability and requirements perspective, than what we're doing for SSL connections. Thanks! Stephen
Description: Digital signature