| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org>, <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: Patch to include PAM support... |
| Date: | 2001-06-12 17:12:58 |
| Message-ID: | Pine.LNX.4.30.0106121901130.756-100000@peter.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Bruce Momjian writes:
> OK, care to give a thumbs up on the patch?
>
> http://candle.pha.pa.us/cgi-bin/pgpatches
From static inspection I have some doubts about whether this patch would
operate correctly. The way it is implemented is that if the backend is
instructed to use PAM authentication it pretends to the frontend that
password authentication is going on. This would probably work correctly
if your PAM setup is that you require exactly one password from the user.
But if the PAM setup does not require a password (Kerberos, rhosts
modules?) it would involve a useless exchange (and possibly prompt) for a
password. More importantly, though, if the PAM configuration requires
more than one password (perhaps the password is due to be changed), this
implementation will fail (to authenticate).
Dominic, any comments?
--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dominic J. Eidson | 2001-06-12 17:19:59 | Re: Patch to include PAM support... |
| Previous Message | Mathijs Brands | 2001-06-12 17:09:57 | Re: Patch to include PAM support... |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dominic J. Eidson | 2001-06-12 17:19:59 | Re: Patch to include PAM support... |
| Previous Message | Mathijs Brands | 2001-06-12 17:09:57 | Re: Patch to include PAM support... |