| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Cc: | Marko Tiikkaja <marko(at)joh(dot)to> |
| Subject: | RADIUS fallback servers |
| Date: | 2017-02-12 15:48:24 |
| Message-ID: | CABUevEwUwqT_pQzuD+nChNsZ=H7rhhXnOoCR_dsXtKmyehBi0w@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
In a discussion at
https://www.postgresql.org/message-id/55D51B54.4050902@joh.to we talked
about adding RADIUS fallback servers. It never got to the point of it being
done.
PFA a patch that implements this.
It supports multiple RADIUS servers. For all other parameters (secret,
port, identifier) one can specify either the exact same number of entries,
in which case each server gets it's own, or exactly one entry in which case
that entry will apply to all servers. (Or zero entries for everything
except secret, which will make it the default).
Each server is tried in order. If it responds positive, auth is OK. If it
responds negative, auth is rejected. If it does not respond at all, we move
on to the next one.
I'm wondering if in doing this we should also make the RADIUS timeout a
configurable as HBA option, since it might become more important now?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| Attachment | Content-Type | Size |
|---|---|---|
| radius_fallback.patch | text/x-patch | 24.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2017-02-12 17:32:36 | Re: Improve OR conditions on joined columns (common star schema problem) |
| Previous Message | David Rowley | 2017-02-12 11:51:26 | Re: Improve OR conditions on joined columns (common star schema problem) |