Skip site navigation (1) Skip section navigation (2)

Re: Patch to include PAM support...

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Patch to include PAM support...
Date: 2001-06-12 20:26:17
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackerspgsql-patches
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> The interaction that a PAM stack can initiate is limited to prompting for
> one or more values and getting strings as an answer.

We could do that full-up, if only the FE/BE protocol included a prompt
string in the outgoing password request.  However, given the difficulty
of reprogramming clients to cope with multiple password challenges,
you're probably right that handling the single-password case without
any protocol or client API change is the wiser course.

However, I'm still quite concerned about letting the postmaster ignore
its other clients while it's executing a PAM auth cycle that will
invoke who-knows-what processing.  What's your take on that point?

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: Limin LiuDate: 2001-06-12 20:31:04
Subject: Re: Big5 contains '\'
Previous:From: Peter EisentrautDate: 2001-06-12 20:02:52
Subject: Re: Patch to include PAM support...

pgsql-patches by date

Next:From: Bruce MomjianDate: 2001-06-12 20:31:26
Subject: Re: Australian timezone configure option
Previous:From: Peter EisentrautDate: 2001-06-12 20:05:29
Subject: Re: reset all update

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group