| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Patch to include PAM support... |
| Date: | 2001-06-12 20:26:17 |
| Message-ID: | 13600.992377577@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> The interaction that a PAM stack can initiate is limited to prompting for
> one or more values and getting strings as an answer.
We could do that full-up, if only the FE/BE protocol included a prompt
string in the outgoing password request. However, given the difficulty
of reprogramming clients to cope with multiple password challenges,
you're probably right that handling the single-password case without
any protocol or client API change is the wiser course.
However, I'm still quite concerned about letting the postmaster ignore
its other clients while it's executing a PAM auth cycle that will
invoke who-knows-what processing. What's your take on that point?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Limin Liu | 2001-06-12 20:31:04 | Re: Big5 contains '\' |
| Previous Message | Peter Eisentraut | 2001-06-12 20:02:52 | Re: Patch to include PAM support... |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-06-12 20:31:26 | Re: Australian timezone configure option |
| Previous Message | Peter Eisentraut | 2001-06-12 20:05:29 | Re: reset all update |