Re: Patch to include PAM support...

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>, <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Patch to include PAM support...
Date: 2001-06-12 17:12:58
Message-ID: Pine.LNX.4.30.0106121901130.756-100000@peter.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches

Bruce Momjian writes:

> OK, care to give a thumbs up on the patch?
>
> http://candle.pha.pa.us/cgi-bin/pgpatches

From static inspection I have some doubts about whether this patch would
operate correctly. The way it is implemented is that if the backend is
instructed to use PAM authentication it pretends to the frontend that
password authentication is going on. This would probably work correctly
if your PAM setup is that you require exactly one password from the user.
But if the PAM setup does not require a password (Kerberos, rhosts
modules?) it would involve a useless exchange (and possibly prompt) for a
password. More importantly, though, if the PAM configuration requires
more than one password (perhaps the password is due to be changed), this
implementation will fail (to authenticate).

Dominic, any comments?

--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Dominic J. Eidson 2001-06-12 17:19:59 Re: Patch to include PAM support...
Previous Message Mathijs Brands 2001-06-12 17:09:57 Re: Patch to include PAM support...

Browse pgsql-patches by date

  From Date Subject
Next Message Dominic J. Eidson 2001-06-12 17:19:59 Re: Patch to include PAM support...
Previous Message Mathijs Brands 2001-06-12 17:09:57 Re: Patch to include PAM support...