* Tom Lane wrote:
it supposes that rolvaliduntil represents an expiration date for the
user, but really it's only an expiration date for the password.)
Does anyone think the docs for CREATE ROLE/VALID UNTIL should mention
this more clearly? Currently, it is described as
The VALID UNTIL clause sets a date and time after which the
role's password is no longer valid. If this clause is omitted
the password will be valid for all time.
This is entirely correct, but I think it could be made clearer by adding
a sentence like "This clause does not apply to authentication methods
that do not involve a password, such as trust, ident, and GSSAPI."
And at the top of section 19.3 (Authentication Methods): "Time
restrictions for the logon of users controlled by an external
authentication service, such as GSSAPI or PAM, can be imposed by that
service only, not by PostgreSQL itself."
--
Christian
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers