| From: | Heiko Wundram <modelnine(at)modelnine(dot)org> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Limiting number of connections to PostgreSQL per IP (not per DB/user)? |
| Date: | 2011-11-30 08:36:50 |
| Message-ID: | 4ED5EB22.4030109@modelnine.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Am 30.11.2011 09:26, schrieb Magnus Hagander:
> I don't believe we do teardown using PAM, just session start. So you'd
> have to have your PAM module check the current state of postgresql
> every time - not keep some internal state.
Okay, that's too bad - if connlimit doesn't do the trick, I'll try and
see how PAM is used, and possibly patch the respective session
teardown-functionality into the server (which shouldn't be too hard, I
guess).
> FWIW, another option for writing your authentication module is to
> write a simple RADIUS server running on the same box. It's pretty
> trivial to do, especially in a high level language. The end result is
> the same as if you use PAM - you get custom authentication that can
> apply specific checks.
I'm much more used to writing PAM modules (which I've already done for
authentication used by an FTP-server), so that'd be my first route to
go, but keeping this in mind is handy, too. Thanks!
--
--- Heiko.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Albe Laurenz | 2011-11-30 08:46:05 | Re: odbc_fdw |
| Previous Message | Magnus Hagander | 2011-11-30 08:26:50 | Re: Limiting number of connections to PostgreSQL per IP (not per DB/user)? |