| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Patch to include PAM support... |
| Date: | 2001-06-12 17:40:49 |
| Message-ID: | 10303.992367649@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
"Dominic J. Eidson" <sauron(at)the-infinite(dot)org> writes:
> My apologies if PAM has somehow been equated to "remote server
> authentication piece" - there is a lot more to PAM than the abillity to
> easily do remote authentication.
Right. Part of the reason I'm concerned is that if we support PAM,
then we don't *know* exactly what it is we are buying into or which
authentication protocol will be used. This doesn't bother me as long
as any PAM-induced failure is confined to the connection trying to use
a particular PAM auth mechanism. But it does bother me if such a problem
can cause denial of service for all clients.
We have this problem already with IDENT, and we know we need to fix it.
I'm just saying that we'd better fix it before we add PAM support, not
after.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hannu Krosing | 2001-06-12 17:50:06 | Re: Implicit order-by in Postgresql? |
| Previous Message | P. Dwayne Miller | 2001-06-12 17:36:02 | Migration from FoxPro |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-06-12 17:59:24 | Re: Patch to include PAM support... |
| Previous Message | Bruce Momjian | 2001-06-12 17:37:39 | Re: DROP CONSTRAINT (UNIQUE) preliminary support |