| From: | Euler Taveira <euler(at)timbira(dot)com(dot)br> |
|---|---|
| To: | kolo hhmow <grzsmp(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pam auth - add rhost item |
| Date: | 2015-10-14 23:45:49 |
| Message-ID: | 561EE92D.1030106@timbira.com.br |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 14-10-2015 17:35, kolo hhmow wrote:
> Yes, but this is very ugly solution, becasue you have to restart
> postgresql daemon each time you have added a new user.
>
Restart != Reload. You can even do it using SQL.
> This solution which I propose is give an abbility to dinamicaly manage
> user accounts without need to restart each time a user account entry has
> change.
>
Why do you want to double restrict the access? We already have HBA.
Also, you could complicate the management because you need to check two
different service configurations to figure out why foo user can't log
in. I'm not a PAM expert but my impression is that rhost is an optional
item. Therefore, advise PAM users to use HBA is a way to not complicate
the actual feature.
--
Euler Taveira Timbira - http://www.timbira.com.br/
PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-10-14 23:52:15 | Re: Parallel Seq Scan |
| Previous Message | Tom Lane | 2015-10-14 23:23:49 | A bunch of regular-expression improvements |