From: | Christian Ullrich <chris(at)chrullrich(dot)net> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Bad error message on valuntil |
Date: | 2013-06-10 19:00:10 |
Message-ID: | kp57o9$io4$1@ger.gmane.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Tom Lane wrote:
> it supposes that rolvaliduntil represents an expiration date for the
> user, but really it's only an expiration date for the password.)
Does anyone think the docs for CREATE ROLE/VALID UNTIL should mention
this more clearly? Currently, it is described as
The VALID UNTIL clause sets a date and time after which the
role's password is no longer valid. If this clause is omitted
the password will be valid for all time.
This is entirely correct, but I think it could be made clearer by adding
a sentence like "This clause does not apply to authentication methods
that do not involve a password, such as trust, ident, and GSSAPI."
And at the top of section 19.3 (Authentication Methods): "Time
restrictions for the logon of users controlled by an external
authentication service, such as GSSAPI or PAM, can be imposed by that
service only, not by PostgreSQL itself."
--
Christian
From | Date | Subject | |
---|---|---|---|
Next Message | Josh Berkus | 2013-06-10 19:03:19 | Re: ALTER DEFAULT PRIVILEGES FOR ROLE is broken |
Previous Message | Josh Berkus | 2013-06-10 18:59:22 | Re: Hard limit on WAL space used (because PANIC sucks) |