Re: Logging of PAM Authentication Failure

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Craig Ringer <craig(at)2ndquadrant(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Amit Langote <amitlangote09(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Logging of PAM Authentication Failure
Date: 2013-05-28 22:43:06
Message-ID: 20130528224306.GC3203@momjian.us
Lists: pgsql-hackers

On Tue, May 28, 2013 at 01:32:53PM +0800, Craig Ringer wrote:
> On 05/11/2013 03:25 AM, Robert Haas wrote:
> > Not really. We could potentially fix it by extending the wire
> > protocol to allow the server to respond to the client's startup packet
> > with a further challenge, and extend libpq to report that challenge
> > back to the user and allow sending a response. But that would break
> > on-the-wire compatibility, which we haven't done in a good 10 years,
> > and certainly wouldn't be worthwhile just for this.
> We were just talking about "things we'd like to do in wire protocol 4".
>
> Allowing multi-stage authentication has come up repeatedly and should
> perhaps go on that list. The most obvious case being "ident auth failed,
> demand md5".

Added to TODO.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +
