On 2015-07-07 12:03:36 -0400, Peter Eisentraut wrote:
> I think the DN is analogous to the remote user name, which we don't
> expose for any of the other authentication methods.
Huh?
Datum
pg_stat_get_activity(PG_FUNCTION_ARGS)
{ /* Values available to all callers */ values[0] = ObjectIdGetDatum(beentry->st_databaseid); values[1] =
Int32GetDatum(beentry->st_procpid); values[2] = ObjectIdGetDatum(beentry->st_userid);
...
Isn't that like, essentially, all of them? Sure, if you have a ident
mapping set up, then not, but I have a hard time seing that as a
relevant use case.
> I think the default approach for security and authentication related
> information should be conservative, even if there is not a specific
> reason. Or to put it another way: What is the motivation for showing
> this information at all?
That we already show equivalent information and that hiding it from
another place will just be crufty and make monitoring setups more
complex.
Greetings,
Andres Freund