| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pam auth - add rhost item |
| Date: | 2015-12-24 02:35:06 |
| Message-ID: | CAB7nPqSvYUtVURF7ojkf9a6pe7iPPSRvTRMqufwm4FyMNu65GA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Dec 16, 2015 at 2:53 AM, Tomas Vondra
<tomas(dot)vondra(at)2ndquadrant(dot)com> wrote:
> Actually, one more thing - the patch should probably update the docs too,
> because client-auth.sgml currently says this in the "auth-pam" section:
>
> <para>
> ...
> PAM is used only to validate user name/password pairs.
> ...
> </para>
>
> I believe that's no longer true, because the patch adds PAM_RHOST to the
> user/password fields.
>
> Regarding the other PAM_* fields, none of them strikes me as very useful for
> our use case.
>
> In a broader sense, I think this patch is quite desirable, despite being
> rather simple (which is good). I certainly don't agree with suggestions that
> we can already do things like this through pg_hba.conf. If we're providing
> PAM authentication, let's make it as complete/useful as possible. In some
> cases modifying PAM may not be feasible - e.g. some management systems rely
> on PAM as much as possible, and doing changes in other ways is a major
> hassle.
There is no input from the author for more than 1 month, I have marked
the patch as returned with feedback because of a lack of activity.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2015-12-24 02:39:27 | Re: Using quicksort for every external sort run |
| Previous Message | Michael Paquier | 2015-12-24 02:32:52 | Re: RFC: replace pg_stat_activity.waiting with something more descriptive |