| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Re: [PATCHES] Patch to include PAM support... |
| Date: | 2001-08-25 04:47:52 |
| Message-ID: | 29626.998714872@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
"Dominic J. Eidson" <sauron(at)the-infinite(dot)org> writes:
>> Could we change the PAM code so that it tries to run the PAM auth cycle
>> immediately on receipt of a connection request? If it gets a callback
>> for a password, it abandons the PAM conversation, sends off a password
>> request packet, and then tries again when the password comes back.
> I am attempting to do this in a way that's relatively elegant, and the
> code should get sent to -patches tomorrow sometime , after I've had time
> to do some testing.
I think that the main objection to the original form of the PAM patch
was that it would lock up the postmaster until the client responded.
However, that is *not* a concern any longer, since the current code
forks first and authenticates after. Accordingly, you shouldn't be
complexifying the PAM code to avoid waits.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-08-25 04:50:48 | Re: Does the oid column have an implicit index on it? |
| Previous Message | Bruce Momjian | 2001-08-25 04:33:29 | MD5 for ODBC |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dominic J. Eidson | 2001-08-25 05:16:49 | Re: Re: [PATCHES] Patch to include PAM support... |
| Previous Message | Christopher Kings-Lynne | 2001-08-25 03:08:12 | RE: DROP CONSTRAINT (UNIQUE) preliminary support |