Re: Multiple auth types for a connection

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rob Cherry <postgresadmin(at)lxrb(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Multiple auth types for a connection
Date: 2007-05-02 21:42:38
Message-ID: 21650.1178142158@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Rob Cherry <postgresadmin(at)lxrb(dot)com> writes:
> Does anyone know if it is possible to overload auth types like this such
> that if pam fails password would be tried?

No, it's not, as per the Fine Manual:

: The first record with a matching connection type, client address,
: requested database, and user name is used to perform
: authentication. There is no "fall-through" or "backup": if one record is
: chosen and the authentication fails, subsequent records are not
: considered. If no record matches, access is denied.

Your best bet is probably to list the automated users specifically in
a record that specifies password, and then put another record that
selects pam for everyone else.

regards, tom lane

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Geoff Tolley 2007-05-02 22:13:11 Re: Multiple auth types for a connection
Previous Message Rob Cherry 2007-05-02 20:22:51 Multiple auth types for a connection