Re: pam auth - add rhost item

From: Grzegorz Sampolski <grzsmp(at)gmail(dot)com>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>
Cc: PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pam auth - add rhost item
Date: 2015-12-28 14:57:54
Message-ID: 56814DF2.6040805@gmail.com
Lists: pgsql-hackers

Hi.
I am sending a new patch:
https://github.com/grzsmp/postgres/commit/3e3a1f187b71acef3f8dc0745da753fb5be821fa

On 12/27/2015 05:31 PM, Grzegorz Sampolski wrote:
> Hi there!
> I'm alive and working on a new patch.
> So, I am taking into account all the suggestions from Tomas and I'll
> add an additional parameter `usedns' with `yes/no' values to pass
> the resolved hostname or IP address through rhost_item.
>
> On 12/24/2015 03:35 AM, Michael Paquier wrote:
>> On Wed, Dec 16, 2015 at 2:53 AM, Tomas Vondra
>> <tomas(dot)vondra(at)2ndquadrant(dot)com> wrote:
>>> Actually, one more thing - the patch should probably update the docs too,
>>> because client-auth.sgml currently says this in the "auth-pam" section:
>>>
>>> <para>
>>> ...
>>> PAM is used only to validate user name/password pairs.
>>> ...
>>> </para>
>>>
>>> I believe that's no longer true, because the patch adds PAM_RHOST to the
>>> user/password fields.
>>>
>>> Regarding the other PAM_* fields, none of them strikes me as very useful for
>>> our use case.
>>>
>>> In a broader sense, I think this patch is quite desirable, despite being
>>> rather simple (which is good). I certainly don't agree with suggestions that
>>> we can already do things like this through pg_hba.conf. If we're providing
>>> PAM authentication, let's make it as complete/useful as possible. In some
>>> cases modifying PAM may not be feasible - e.g. some management systems rely
>>> on PAM as much as possible, and doing changes in other ways is a major
>>> hassle.
>> There has been no input from the author for more than 1 month; I have marked
>> the patch as returned with feedback because of a lack of activity.
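
The `usedns` choice described in the quoted message, as an added example that is not part of the patch or of any message in this thread: a hypothetical helper, `rhost_for_pam`, picks the string a server would hand to PAM as PAM_RHOST. Falling back to the numeric address unless the reverse-resolved name also resolves forward to the same address is an assumption of this example, not something the thread specifies; `rhost_text` is a constructed wrapper for IPv4 literals.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: choose the value for pam_set_item(pamh, PAM_RHOST, ...).
 * usedns == 0: numeric address. usedns != 0: reverse-resolved name, but only
 * if it resolves forward to the same address (the PTR record is set by whoever
 * controls the client's address block). Returns 0, or -1 on error/truncation. */
int rhost_for_pam(const struct sockaddr *sa, socklen_t salen, int usedns,
                  char *out, size_t outlen)
{
    char ip[NI_MAXHOST], name[NI_MAXHOST], fwd[NI_MAXHOST];
    struct addrinfo hints = {0}, *res, *p;
    int confirmed = 0;
    if (getnameinfo(sa, salen, ip, sizeof ip, NULL, 0, NI_NUMERICHOST) != 0)
        return -1;
    if (usedns && getnameinfo(sa, salen, name, sizeof name, NULL, 0,
                              NI_NAMEREQD) == 0) {
        hints.ai_family = sa->sa_family;
        hints.ai_socktype = SOCK_STREAM;
        if (getaddrinfo(name, NULL, &hints, &res) == 0) {
            for (p = res; p != NULL && !confirmed; p = p->ai_next)
                confirmed = getnameinfo(p->ai_addr, p->ai_addrlen, fwd,
                                        sizeof fwd, NULL, 0,
                                        NI_NUMERICHOST) == 0 &&
                            strcmp(fwd, ip) == 0;
            freeaddrinfo(res);
        }
    }
    if ((size_t) snprintf(out, outlen, "%s", confirmed ? name : ip) >= outlen)
        return -1;
    return 0;
}

/* Constructed wrapper: parse an IPv4 literal and return the rhost string
 * from a static buffer, or NULL if parsing or formatting fails. */
const char *rhost_text(const char *addr, int usedns)
{
    static char buf[NI_MAXHOST];
    struct sockaddr_in sin = {0};
    sin.sin_family = AF_INET;
    if (inet_pton(AF_INET, addr, &sin.sin_addr) != 1)
        return NULL;
    return rhost_for_pam((struct sockaddr *) &sin, sizeof sin, usedns,
                         buf, sizeof buf) == 0 ? buf : NULL;
}
```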
