
Re: Patch to include PAM support...

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>, <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Patch to include PAM support...
Date: 2001-06-12 20:02:52
Message-ID: Pine.LNX.4.30.0106122149350.756-100000@peter.localdomain
Lists: pgsql-hackers, pgsql-patches
Tom Lane writes:

> The larger issue is how a PAM auth method of unknown characteristics
> is going to fit into our existing FE/BE protocol.  It would seem to me
> that a protocol extension will be required.  Lying to the frontend about
> what is happening is very unlikely to prove workable in the long run.
> What if the selected PAM auth method requires the client side to respond
> in some special way?

The interaction that a PAM stack can initiate is limited to prompting for
one or more values and getting strings as an answer.  The PAM-using
application registers a "conversation function" callback, which is
responsible for issuing the prompt and getting at the data in an
application-specific manner.  Ideally, the libpq protocol and API would be
extended to support this generality, but based on Dominic's comments the
password exchange would work to support the useful subset of this
functionality without any protocol or API changes.

Most of the time, PAM is used as a wrapper around some password database
like NIS or LDAP (or maybe even PostgreSQL).

-- 
Peter Eisentraut   peter_e(at)gmx(dot)net   http://funkturm.homeip.net/~peter
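
The conversation-function callback described in the message above, as an added example that is not part of the original post or of the submitted patch: a callback that answers exactly one hidden-input prompt with a password already obtained through the ordinary password exchange, and refuses every other kind of PAM request. Assumptions: the names password_only_conv and answers_prompt are hypothetical, the password string is constructed, and the stand-in declarations (mirroring Linux-PAM) are used only when the PAM headers are not installed.

```c
#include <stdlib.h>
#include <string.h>
#if defined(__has_include) && __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else
/* Stand-ins mirroring Linux-PAM, used only when the PAM headers are absent. */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_PROMPT_ECHO_OFF = 1, PAM_PROMPT_ECHO_ON = 2,
       PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
#endif

/* Hypothetical callback: appdata_ptr carries the password the client already
   sent through the ordinary password exchange. */
static int password_only_conv(int num_msg, const struct pam_message **msg,
                              struct pam_response **resp, void *appdata_ptr)
{
    const char *password = appdata_ptr;
    struct pam_response *reply;

    /* Only a single hidden-input prompt can be answered. Anything else would
       have to reach the client, which the unchanged protocol cannot carry. */
    if (num_msg != 1 || password == NULL ||
        msg[0]->msg_style != PAM_PROMPT_ECHO_OFF)
        return PAM_CONV_ERR;

    reply = calloc(1, sizeof(*reply));
    if (reply == NULL)
        return PAM_BUF_ERR;
    reply->resp = malloc(strlen(password) + 1);  /* released by the PAM module */
    if (reply->resp == NULL) {
        free(reply);
        return PAM_BUF_ERR;
    }
    strcpy(reply->resp, password);
    *resp = reply;
    return PAM_SUCCESS;
}

/* Drives the callback with one constructed prompt; returns 1 if it was answered. */
static int answers_prompt(int style, const char *password)
{
    struct pam_message m = { .msg_style = style, .msg = "Password: " };
    const struct pam_message *list[1] = { &m };
    struct pam_response *r = NULL;
    int ok;
    if (password_only_conv(1, list, &r, (void *) password) != PAM_SUCCESS)
        return 0;
    ok = strcmp(r->resp, password) == 0;
    free(r->resp); free(r);
    return ok;
}
```

A PAM stack that asks for anything other than one hidden-input value gets PAM_CONV_ERR from this callback, so authentication fails rather than silently answering a prompt the client never saw.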

