Re: Patch to include PAM support...

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Patch to include PAM support...
Date: 2001-06-12 18:16:14
Message-ID: Pine.LNX.4.30.0106122000440.756-100000@peter.localdomain
Lists: pgsql-hackers, pgsql-patches

Dominic J. Eidson writes:

> > if your PAM setup is that you require exactly one password from the user.
> > But if the PAM setup does not require a password (Kerberos, rhosts
> > modules?) it would involve a useless exchange (and possibly prompt) for a
>
> This works fine - if it doesn't require a password, it won't get to the
> "password prompt" step inside the conversation function, and ends up just
> returning "success".

In the patch I'm looking at, the conversation function doesn't do any
actual "prompting", it looks at the password that has previously been
obtained by way of the password packet exchange.  If no password is
required, the password is never looked at, but still obtained.  That by
itself causes psql to print a password prompt.

Perhaps this could work:  In the switch in be_recvauth(), you call the
pam_authenticate() and friends and if the sequence passes you report back
"OK".  In the conversation function -- if it gets called -- send a
password packet and store the answer packet.  You might have to play some
tricks here to obtain the answer packet, though.

> In all of the other remote authentication pieces that I have worked
> with/used (radius, tacacs, etc) - if your password is in need to be
> changed and/or expired - your authentication just fails.

Alright.

-- 
Peter Eisentraut   peter_e(at)gmx(dot)net   http://funkturm.homeip.net/~peter
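
The difference between fetching the password before authentication and requesting it from inside the conversation function, as an added example that is not part of the original message or the patch under discussion. It does not use libpam: the structs, callbacks and module stacks are hypothetical stand-ins, and the password value is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the PAM pieces; none of these are libpam types. */
struct client { const char *typed; int prompts; };   /* constructed frontend model */
typedef const char *(*conv_fn)(struct client *c);    /* called only if a module wants input */
typedef int (*stack_fn)(conv_fn conv, struct client *c);

/* Password packet exchange: one round trip, which makes psql print a prompt. */
static const char *request_password(struct client *c) { c->prompts++; return c->typed; }

/* Eager design: password already obtained, conversation just hands it over. */
static const char *stored_pw;
static const char *eager_conv(struct client *c) { (void)c; return stored_pw; }

/* Lazy design: the exchange happens inside the conversation function. */
static const char *lazy_conv(struct client *c) { return request_password(c); }

/* Constructed module stacks: one checks a password, one never converses. */
static int stack_password(conv_fn conv, struct client *c) {
    const char *pw = conv(c);
    return pw != NULL && strcmp(pw, "s3cret") == 0;
}
static int stack_no_password(conv_fn conv, struct client *c) { (void)conv; (void)c; return 1; }

/* Runs one login; returns the auth result and reports prompts via *prompts. */
int login(int lazy, int needs_password, const char *typed, int *prompts) {
    struct client c = { typed, 0 };
    stack_fn stack = needs_password ? stack_password : stack_no_password;
    int ok;
    if (lazy) {
        ok = stack(lazy_conv, &c);
    } else {
        stored_pw = request_password(&c);   /* always asks, even if unused */
        ok = stack(eager_conv, &c);
    }
    *prompts = c.prompts;
    return ok;
}

/* Convenience wrapper: number of prompts the client sees for a correct password. */
int prompts_seen(int lazy, int needs_password) {
    int n; login(lazy, needs_password, "s3cret", &n); return n;
}

int main(void) {
    printf("eager/no-password: %d prompt(s)\n", prompts_seen(0, 0));
    printf("lazy/no-password:  %d prompt(s)\n", prompts_seen(1, 0));
    printf("lazy/password:     %d prompt(s)\n", prompts_seen(1, 1));
    return 0;
}
```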