Re: Patch to include PAM support...

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>, <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Patch to include PAM support...
Date: 2001-06-12 17:12:58
Message-ID: Pine.LNX.4.30.0106121901130.756-100000@peter.localdomain
Lists: pgsql-hackers, pgsql-patches

Bruce Momjian writes:

> OK, care to give a thumbs up on the patch?
>
> 	http://candle.pha.pa.us/cgi-bin/pgpatches

From static inspection I have some doubts about whether this patch would
operate correctly.  The way it is implemented is that if the backend is
instructed to use PAM authentication it pretends to the frontend that
password authentication is going on.  This would probably work correctly
if your PAM setup is that you require exactly one password from the user.
But if the PAM setup does not require a password (Kerberos, rhosts
modules?) it would involve a useless exchange (and possibly prompt) for a
password.  More importantly, though, if the PAM configuration requires
more than one password (perhaps the password is due to be changed), this
implementation will fail (to authenticate).

Dominic, any comments?

-- 
Peter Eisentraut   peter_e(at)gmx(dot)net   http://funkturm.homeip.net/~peter
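
Added example, not part of the original message or of the patch under review: a simplified C model of the mismatch described above, where the backend holds exactly one password from a single password exchange while the PAM stack may prompt zero, one, or several times. The types and names (`one_password_conv`, `conv_reply`, `run_stack`) are constructed for illustration and are not the libpam or PostgreSQL API; only the number of prompts is modelled, not whether the password is correct.

```c
#include <stdio.h>

/* Simplified model of a PAM conversation. These types are constructed for
 * this example and are NOT the libpam API. */
enum prompt_kind { PROMPT_SECRET, PROMPT_INFO };

struct one_password_conv {   /* what the backend holds after one wire exchange */
    const char *password;    /* the single password the frontend sent */
    int used;                /* set once that password has been handed out */
};

/* Answer one module prompt. Returns the reply, or NULL when the backend has
 * nothing left to give (a real conversation function would report an error). */
static const char *conv_reply(struct one_password_conv *c, enum prompt_kind k)
{
    if (k == PROMPT_INFO)
        return "";           /* informational text needs no secret */
    if (c->used)
        return NULL;         /* second secret prompt: nothing to send */
    c->used = 1;
    return c->password;
}

enum outcome { AUTH_OK, AUTH_OK_PASSWORD_UNUSED, AUTH_FAILED };

/* Run a constructed module stack, described by the prompts it issues. */
enum outcome run_stack(const enum prompt_kind *prompts, int n, const char *pw)
{
    struct one_password_conv c = { pw, 0 };
    for (int i = 0; i < n; i++)
        if (conv_reply(&c, prompts[i]) == NULL)
            return AUTH_FAILED;
    return c.used ? AUTH_OK : AUTH_OK_PASSWORD_UNUSED;
}

int main(void)
{
    /* Constructed stacks: no prompt, one prompt, expired-password change. */
    const enum prompt_kind one[] = { PROMPT_SECRET };
    const enum prompt_kind expired[] = { PROMPT_SECRET, PROMPT_INFO, PROMPT_SECRET };
    printf("no prompt:  %d\n", run_stack(NULL, 0, "pw"));
    printf("one prompt: %d\n", run_stack(one, 1, "pw"));
    printf("expired:    %d\n", run_stack(expired, 3, "pw"));
    return 0;
}
```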

