Greetings, gentlemen.
Here in my work, we have about 100 PostgreSQL machines and about 20 users
with superuser privileges.
This group of 20 people change constantly, so it's cumbersome create a role
for each. Instead, we map all of then in pg_ident.conf.
The problem is: with current postgres log, I just know that a postgres user
connect, but I don't know which one is in case that more than one user is
logged in the server.
This simple log line can create the relations needed for an audit.
Feel free to comment and criticize.
--
José Arthur Benetasso Villanova
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 57c2f48..db111e0 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1610,6 +1610,9 @@ auth_peer(hbaPort *port)
strlcpy(ident_user, pw->pw_name, IDENT_USERNAME_MAX + 1);
+ ereport(LOG,
+ (errmsg("Received a unix socket connection from %s", ident_user)));
+
return check_usermap(port->hba->usermap, port->user_name, ident_user, false);
}
#endif /* HAVE_UNIX_SOCKETS */
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
