| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Chapman Flack <chap(at)anastigmatix(dot)net> |
| Cc: | Marisa Emerson <mje(at)insec(dot)sh>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Proposal: BSD Authentication support |
| Date: | 2016-01-15 15:17:02 |
| Message-ID: | CA+TgmoYZ4yL2j+NyG37ZZSs6mhCq1G-pK_f_pZ2ogq9dk7DjKA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jan 14, 2016 at 11:59 PM, Chapman Flack <chap(at)anastigmatix(dot)net> wrote:
> Forgive my late comment ... I haven't used the PAM support in postgresql
> either, or I'd know. PAM (I know for sure), and I suppose similarly BSD
> Authentication, models a generalized auth interaction where a given
> authentication module can send a number of arbitrary prompts back to the
> client (via callbacks so different protocols and UIs can be used), and
> demand a number of arbitrary responses, so that a variety of authentication
> schemes can easily be supported.
>
> Is the PostgreSQL support (for either PAM or BSD Authentication) able to
> handle that in its designed generality, or only for the case (number of
> requested items = 1, item 1 = a password)?
>
> Could the general form be handled with the existing fe/be protocol,
> or would the protocol have to grow?
We support something like this for GSS, but not for other
authentication methods. See:
http://www.postgresql.org/docs/current/static/protocol-flow.html
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Glyn Astill | 2016-01-15 15:20:48 | Re: jsonb - jsonb operators |
| Previous Message | Benedikt Grundmann | 2016-01-15 15:12:28 | Death by regexp_replace |