| From: | Daniel Farina <daniel(at)heroku(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Vivek Singh Raghuwanshi <vivekraghuwanshi(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Keystone auth in PostgreSQL |
| Date: | 2012-03-16 01:54:15 |
| Message-ID: | CAAZKuFZjqxKc2zRXU9Da14ys=KvEiNHjuLsbvwuKYtirJZftOw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Mar 15, 2012 at 6:38 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Our standard answer when someone asks for $random-auth-method is to
> suggest that they find a PAM module for it and use PAM. I wouldn't
> want to claim that PAM is a particularly great interface for this
> sort of thing, but it's out there and I don't know of any serious
> competition.
I considered writing a PAM module to do some stuff at one time (to try
to solve the two-passwords-for-a-user problem), but the non-intrinsic
complexity to perform pretty simple tasks in the whole thing is pretty
terrible -- it ended up being more attractive to do fairly ugly role
mangling in Postgres's own authentication system. And, like you, I
don't know of any serious competition to PAM in performing simple
authentication delegations.
--
fdr
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2012-03-16 02:03:43 | Re: Keystone auth in PostgreSQL |
| Previous Message | Noah Misch | 2012-03-16 01:52:12 | Re: foreign key locks, 2nd attempt |