| From: | Geoff Tolley <geoff(at)polimetrix(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Rob Cherry <postgresadmin(at)lxrb(dot)com>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Multiple auth types for a connection |
| Date: | 2007-05-02 22:13:11 |
| Message-ID: | 46390CF7.2040200@polimetrix.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Tom Lane wrote:
> Rob Cherry <postgresadmin(at)lxrb(dot)com> writes:
>> Does anyone know if it is possible to overload auth types like this such
>> that if pam fails password would be tried?
>
> No, it's not, as per the Fine Manual:
Provided that you don't care about the security and performance
implications of SSL vs non-SSL connectivity, wouldn't it be possible to
have something like:
hostnossl all all 0.0.0.0/0 krb5
hostssl all all 0.0.0.0/0 md5
... and then have sslmode set to prefer or allow on the client side?
Cheers,
Geoff
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-05-02 22:25:03 | Re: reindexdb hangs |
| Previous Message | Tom Lane | 2007-05-02 21:42:38 | Re: Multiple auth types for a connection |