On 6/7/13 2:57 PM, Tom Lane wrote:
> "Joshua D. Drake" <jd@commandprompt.com> writes:
>> I had a customer pulling their hair out today because they couldn't
>> login to their system. The error was consistently:
>
>> 2013-06-07 08:42:44 MST postgres 10.1.11.67 27440 FATAL: password
>> authentication failed for user "user
>
>> However the problem had nothing to do with password authentication. It
>> was because the valuntil on the user had been set till a date in the
>> past. Now technically if we just removed the word "password" from the
>> error it would be accurate but it seems it would be better to say,
>> "FATAL: the user "user" has expired".
>
> I think it's intentional that we don't tell the *client* that level of
> detail. I could see emitting a log message about it, but it's not clear
> whether that will help an unsophisticated user.
Usually, when I log in somewhere and the password is expired, it tells
me that the password is expired. I don't think we gain anything by
hiding that from the user.