Re: pam auth - add rhost item

From: Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>
To: Grzegorz Sampolski <grzsmp(at)gmail(dot)com>
Cc: David Fetter <david(at)fetter(dot)org>, Grzegorz Sampolski <g(dot)sampolski(at)ogicom(dot)pl>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pam auth - add rhost item
Date: 2016-03-09 07:30:31
Message-ID: CAJrrPGdu+ZRHDaKQUYADTzNCQX8GPMQE9+nT0ousfnfxbKUhKA@mail.gmail.com
Lists: pgsql-hackers

On Tue, Mar 8, 2016 at 10:43 PM, Grzegorz Sampolski <grzsmp(at)gmail(dot)com>
wrote:
> Hi Hari.
> To use pam modules you can use whatever backend authentication method
> you want.
>
> This is example configuration:
>
> Install this library https://github.com/pam-pgsql/pam-pgsql
> Create some example database <database>, schema access and two tables:
> pam_auth and pam_account with example definition:
>
> pam_account:
> db_user character varying(16) NOT NULL,
> host character varying(255) NOT NULL
>
> pam_auth:
> db_user character varying(16) NOT NULL,
> password character varying(512) NOT NULL
>
> Sample /etc/pam_pgsql.conf:
> connect = dbname=<database> user=<user> password=<password>
> auth_query = SELECT password FROM access.pam_auth WHERE db_user = %u LIMIT 1
> acct_query = SELECT '0','0','' FROM access.pam_account WHERE db_user = %u AND (host = %h OR %h LIKE host) ORDER BY host DESC LIMIT 1;
> pw_type = crypt

Thanks for the details. I am able to test the host limitation based on
the host from where the connection request is given. This patch
provides the advantage of getting the connected host address
details for the PAM modules to provide/restrict the authentication.

A small change in the code, correct the following code from

+ if (retval) {

to

if (retval)
{

as per the code everywhere.

> I will try to update documentation in regard to these changes, but please
> take into account that my English isn't fluent so much. So if I'll do
> some mistakes please correct me.

I am also not a good English speaker :), but we can try to provide it
as good as possible; later the community can help in correcting it if they find
any problem/improvement.

Regards,
Hari Babu
Fujitsu Australia
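
Added example (not part of the original message or of the pam-pgsql project): the two tables and the acct_query host predicate from the quoted configuration, run in PostgreSQL against constructed rows to show which user/host pairs the predicate returns a row for, and which stored host values behave as LIKE wildcards. The row values and the hand-substituted %u/%h pairs are assumptions made for illustration.

```sql
-- Column definitions and the WHERE predicate are taken from the quoted message;
-- every row value below is constructed sample data.
BEGIN;

CREATE SCHEMA access;

CREATE TABLE access.pam_auth (
    db_user  character varying(16)  NOT NULL,
    password character varying(512) NOT NULL
);

CREATE TABLE access.pam_account (
    db_user character varying(16)  NOT NULL,
    host    character varying(255) NOT NULL
);

INSERT INTO access.pam_account (db_user, host) VALUES
    ('alice', '192.0.2.10'),  -- exact address only
    ('bob',   '192.0.2.%'),   -- pattern: the stored value is the LIKE pattern
    ('carol', '%');           -- pattern that places no restriction on the host

-- The module substitutes %u and %h into acct_query. Here candidate
-- (user, remote host) pairs are substituted by hand so the predicate
-- can be evaluated for several connections at once.
SELECT t.db_user,
       t.rhost,
       EXISTS (
           SELECT 1
           FROM access.pam_account a
           WHERE a.db_user = t.db_user
             AND (a.host = t.rhost OR t.rhost LIKE a.host)
       ) AS row_returned
FROM (VALUES
        ('alice', '192.0.2.10'),
        ('alice', '192.0.2.11'),
        ('bob',   '192.0.2.77'),
        ('bob',   '198.51.100.5'),
        ('carol', '203.0.113.9')
     ) AS t(db_user, rhost)
ORDER BY t.db_user, t.rhost;

-- Audit: because the stored host is used as the LIKE pattern, any '%' or '_'
-- in it is a wildcard (an underscore in a host name matches any character).
SELECT db_user, host
FROM access.pam_account
WHERE strpos(host, '%') > 0 OR strpos(host, '_') > 0;

ROLLBACK;  -- leave no objects behind
```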
