On 2015-07-07 12:03:36 -0400, Peter Eisentraut wrote: > I think the DN is analogous to the remote user name, which we don't > expose for any of the other authentication methods.
Huh? Datum pg_stat_get_activity(PG_FUNCTION_ARGS) { /* Values available to all callers */ values[0] = ObjectIdGetDatum(beentry->st_databaseid); values[1] = Int32GetDatum(beentry->st_procpid); values[2] = ObjectIdGetDatum(beentry->st_userid); ... Isn't that like, essentially, all of them? Sure, if you have a ident mapping set up, then not, but I have a hard time seing that as a relevant use case. > I think the default approach for security and authentication related > information should be conservative, even if there is not a specific > reason. Or to put it another way: What is the motivation for showing > this information at all? That we already show equivalent information and that hiding it from another place will just be crufty and make monitoring setups more complex. Greetings, Andres Freund -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers