Magnus,
* Magnus Hagander (magnus@hagander.net) wrote:
> The attached patch implements RADIUS authentication (RFC2865-compatible).
Great! We have a few environments which use RADIUS auth, nice that PG
might be able to use that auth method in the future.
I'm not a fan of having the shared secret stored in a 'regular' config
file. Could you support, or maybe just change it to, breaking that out
into another file? Perhaps something simimlar to how pam_radius_auth
works, where you can also list multiple servers?
http://freeradius.org/pam_radius_auth/
Would also allow using the same file for multiple RADIUS-based servers..
I know pg_hba.conf can just be set to have minimal permissions (and is
on Debian), but that's the kind of file that tends to end up in things
like subversion repositories or puppet configs where they aren't
treated as carefully since, generally, what's in them doesn't come
across as super-sensetive.
Thanks,
Stephen