Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> The interaction that a PAM stack can initiate is limited to prompting for
> one or more values and getting strings as an answer.
We could do that full-up, if only the FE/BE protocol included a prompt
string in the outgoing password request. However, given the difficulty
of reprogramming clients to cope with multiple password challenges,
you're probably right that handling the single-password case without
any protocol or client API change is the wiser course.
However, I'm still quite concerned about letting the postmaster ignore
its other clients while it's executing a PAM auth cycle that will
invoke who-knows-what processing. What's your take on that point?
regards, tom lane
In response to
pgsql-hackers by date
|Next:||From: Limin Liu||Date: 2001-06-12 20:31:04|
|Subject: Re: Big5 contains '\'|
|Previous:||From: Peter Eisentraut||Date: 2001-06-12 20:02:52|
|Subject: Re: Patch to include PAM support... |
pgsql-patches by date
|Next:||From: Bruce Momjian||Date: 2001-06-12 20:31:26|
|Subject: Re: Australian timezone configure option|
|Previous:||From: Peter Eisentraut||Date: 2001-06-12 20:05:29|
|Subject: Re: reset all update|