Skip site navigation (1) Skip section navigation (2)

Re: Patch to include PAM support...

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Patch to include PAM support...
Date: 2001-06-12 17:59:24
Message-ID: 200106121759.f5CHxON26909@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
> "Dominic J. Eidson" <sauron(at)the-infinite(dot)org> writes:
> > My apologies if PAM has somehow been equated to "remote server
> > authentication piece" - there is a lot more to PAM than the abillity to
> > easily do remote authentication.
> 
> Right.  Part of the reason I'm concerned is that if we support PAM,
> then we don't *know* exactly what it is we are buying into or which
> authentication protocol will be used.  This doesn't bother me as long
> as any PAM-induced failure is confined to the connection trying to use
> a particular PAM auth mechanism.  But it does bother me if such a problem
> can cause denial of service for all clients.
> 
> We have this problem already with IDENT, and we know we need to fix it.
> I'm just saying that we'd better fix it before we add PAM support, not
> after.

It is has the same problems as IDENT, and it doesn't add any new
problems, and it meets people's needs, why not add it?  When we get
IDENT fixed we can fix PAM at the same time.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

In response to

Responses

pgsql-hackers by date

Next:From: Bruce MomjianDate: 2001-06-12 18:00:47
Subject: Re: [PATCH] addition of text_inet, text_cidr and inet_set_masklen
Previous:From: Mike CianfloneDate: 2001-06-12 17:57:40
Subject: vacuum

pgsql-patches by date

Next:From: Peter EisentrautDate: 2001-06-12 18:16:14
Subject: Re: Patch to include PAM support...
Previous:From: Tom LaneDate: 2001-06-12 17:40:49
Subject: Re: Patch to include PAM support...

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group