Peter Eisentraut <peter_e@gmx.net> writes:
>> Basically, we have some people who want it. Now we need to hear from
>> people who don't want it. I have a "no" from Tom and a "yes" from
>> "Peter E" (and the author).
> Not in the current form.
I think Peter's main objection was that it'd always prompt for a
password whether needed or not.
Could we change the PAM code so that it tries to run the PAM auth cycle
immediately on receipt of a connection request? If it gets a callback
for a password, it abandons the PAM conversation, sends off a password
request packet, and then tries again when the password comes back.
Of course, this would be hugely simpler if the work were being done in
a dedicated forked child of the postmaster ;-) ;-) ... just send the
request packet when PAM asks for a password, and sleep till it comes
back.
regards, tom lane