On 06/07/2013 12:31 PM, Tom Lane wrote:
> "Joshua D. Drake" <jd@commandprompt.com> writes:
>> On 06/07/2013 11:57 AM, Tom Lane wrote:
>>> I think it's intentional that we don't tell the *client* that level of
>>> detail.
>
>> Why? That seems rather silly.
>
> The general policy on authentication failure reports is that we don't
> tell the client anything it doesn't know already about what the auth
> method is. We can log additional info into the postmaster log if it
I was looking at the code and I saw this catchall:
default: errstr = gettext_noop("authentication failed
for user \"%s\": invalid authentication method"); break;
I think we could make the argument that if valuntil is expired that the
authentication method is invalid. Thoughts?
Else I am trying to come up with some decent wording... something like:
Authentication failed: not all authentication tokens were met
?