* Tom Lane wrote:
> it supposes that rolvaliduntil represents an expiration date for the
> user, but really it's only an expiration date for the password.)
Does anyone think the docs for CREATE ROLE/VALID UNTIL should mention
this more clearly? Currently, it is described as
The VALID UNTIL clause sets a date and time after which therole's password is no longer valid. If this clause is
omittedthepassword will be valid for all time.
This is entirely correct, but I think it could be made clearer by adding
a sentence like "This clause does not apply to authentication methods
that do not involve a password, such as trust, ident, and GSSAPI."
And at the top of section 19.3 (Authentication Methods): "Time
restrictions for the logon of users controlled by an external
authentication service, such as GSSAPI or PAM, can be imposed by that
service only, not by PostgreSQL itself."
--
Christian