Re: pam auth - add rhost item

Yes, but this is very ugly solution, becasue you have to restart postgresql
daemon each time you have added a new user.
This solution which I propose is give an abbility to dinamicaly manage user
accounts without need to restart each time a user account entry has change.
When you have lot of actively users using postgresql service, you cannot
restart the server each time somebody add, or remove some user account
entry from the system.
This is whay we uses pam modules with pam-pgsql and with this patch.

On Wed, Oct 14, 2015 at 9:52 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:

> On Tue, Oct 13, 2015 at 4:12 PM, kolo hhmow <grzsmp(at)gmail(dot)com> wrote:
> > Yes, sorry. I was in hurry when I posted this message.
> > I dont understand whay in CheckPAMAuth function only PAM_USER item is
> adding
> > to pam information before authenticate?
> > Wheter it would be a problem to set additional pam information like
> > PAM_RHOST which is very useful because we can use this item to restrict
> > access to this ip address.
> > I hope I'm more specific now and you will understand me.
> > Sorry, but I'm not native english speaker.
> > Patch in attachment, and link below to web-view on github:
> >
> https://github.com/grzsmp/postgres/commit/5e2b102ec6de27e786d627623dcb187e997609e4
>
> I don't personally know much about PAM, but if you want to restrict
> access by IP, you could do that in pg_hba.conf.
>
> --
> Robert Haas
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>