Re: Patch to include PAM support...

> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > It is has the same problems as IDENT, and it doesn't add any new
> > problems, and it meets people's needs, why not add it?
>
> Because (a) it greatly increases the scope of the vulnerability,

How? It is just a new authentication method with the same problems as
our current ones.

> and (b) it adds more code that will need to be rewritten to fix the
> problem. I want to fix the blocking problem first, then solicit a
> PAM patch that fits into the rewritten postmaster.

This seems to fit into the "wait for the perfect fix" solution which I
don't think applies here. There is no saying that a PAM patch will even
be around once we get the rest working.

Basically, we have some people who want it. Now we need to hear from
people who don't want it. I have a "no" from Tom and a "yes" from
"Peter E" (and the author).

We need more votes to decide.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026