From: | Grzegorz Sampolski <grzsmp(at)gmail(dot)com> |
---|---|
To: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, Grzegorz Sampolski <grzsmp(at)gmail(dot)com> |
Cc: | David Fetter <david(at)fetter(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pam auth - add rhost item |
Date: | 2016-03-10 13:11:12 |
Message-ID: | 56E17270.7000808@gmail.com |
Lists: | pgsql-hackers |
Hi.
In the attachment is a new patch with updated documentation and with a small change
to coding style, as you suggested.
Regards.
Grzegorz.
On 03/09/2016 08:30 AM, Haribabu Kommi wrote:
> On Tue, Mar 8, 2016 at 10:43 PM, Grzegorz Sampolski <grzsmp(at)gmail(dot)com> wrote:
>> Hi Hari.
>> To use pam modules you can use whatever backend authentication method
>> you want.
>>
>> This is example configuration:
>>
>> Install this library https://github.com/pam-pgsql/pam-pgsql
>> Create some example database <database>, schema access and two tables:
>> pam_auth and pam_account with example defintion:
>>
>> pam_account:
>> db_user character varying(16) NOT NULL,
>> host character varying(255) NOT NULL
>>
>> pam_auth:
>> db_user character varying(16) NOT NULL,
>> password character varying(512) NOT NULL
>>
>> Sample /etc/pam_pgsql.conf:
>> connect = dbname=<database> user=<user> password=<password>
>> auth_query = SELECT password FROM access.pam_auth WHERE db_user = %u LIMIT 1
>> acct_query = SELECT '0','0','' FROM access.pam_account WHERE db_user = %u AND (host = %h OR %h LIKE host) ORDER BY host DESC LIMIT 1;
>> pw_type = crypt
>
> Thanks for the details. I am able to test the host limitation based on
> the host from where the connection request is given. This patch
> provides the advantage of getting the connected host address
> details for the PAM modules to provide/restrict the authentication.
>
> A small change in the code, correct the following code from
>
> +if (retval) {
>
> to
>
> if (retval)
> {
>
> as per the code everywhere.
>
>
>> I will try to update the documentation in regard to these changes, but please
>> take into account that my English isn't very fluent. So if I make
>> some mistakes, please correct me.
>
> I am also not a good English speaker :), but we can try to make it
> as good as possible; later the community can help in correcting it if they find
> any problem/improvement.
>
> Regards,
> Hari Babu
> Fujitsu Australia
Attachment | Content-Type | Size |
---|---|---|
pam_auth.patch | text/x-patch | 3.2 KB |
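
The host restriction in the quoted `acct_query` can be exercised offline; the following is an added example, not part of the original message, the patch, or pam-pgsql. It assumes SQLite as a stand-in for PostgreSQL, drops the `access.` schema prefix, binds `%u` and `%h` as query parameters, and uses constructed rows; `make_db` and `account_allowed` are hypothetical helper names.

```python
import sqlite3

# Added example. SQLite stands in for PostgreSQL; the LIKE wildcards (% and _)
# behave the same way for the constructed address strings used here.
ACCT_QUERY = (
    "SELECT '0','0','' FROM pam_account "
    "WHERE db_user = :u AND (host = :h OR :h LIKE host) "
    "ORDER BY host DESC LIMIT 1"
)


def make_db(rows):
    """Build an in-memory pam_account table from (db_user, host) pairs."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE pam_account ("
        "db_user varchar(16) NOT NULL, host varchar(255) NOT NULL)"
    )
    db.executemany("INSERT INTO pam_account VALUES (?, ?)", rows)
    return db


def account_allowed(db, user, rhost):
    """True when the acct_query returns a row for this user and remote host."""
    row = db.execute(ACCT_QUERY, {"u": user, "h": rhost}).fetchone()
    return row is not None


# Constructed sample rows (documentation address ranges).
SAMPLE_ROWS = [
    ("alice", "192.0.2.10"),    # exact address only
    ("bob", "198.51.100.%"),    # whole /24 written as a LIKE pattern
    ("carol", "203.0.113.1%"),  # also covers .10-.19 and .100-.199
]

if __name__ == "__main__":
    db = make_db(SAMPLE_ROWS)
    for user, rhost in [
        ("alice", "192.0.2.10"), ("alice", "192.0.2.11"),
        ("bob", "198.51.100.77"), ("bob", "203.0.113.5"),
        ("carol", "203.0.113.1"), ("carol", "203.0.113.150"),
    ]:
        print(user, rhost, account_allowed(db, user, rhost))
```

Because the `host` column is used as the LIKE pattern, a trailing `%` after a partial octet admits more addresses than the prefix suggests, so patterns are best ended on a dot.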