On Fri, 2021-01-29 at 18:40 -0500, Tom Lane wrote:
> Ah. So basically, this comes into play when you consider that some
> outside-the-database entity is your "real" authenticated identity.
> That seems reasonable when using Kerberos or the like, though it's
> not real meaningful for traditional password-type authentication.

Right.

> So, if we store this "real" identity, is there any security issue
> involved in exposing it to other users (via pg_stat_activity or
> whatever)?

I think that could be a concern for some, yeah. Besides being able to
get information on other logged-in users, the ability to connect an
authenticated identity to a username also gives you some insight into
the pg_hba configuration.

--Jacob
