Re: [HACKERS] Re: Patch to include PAM support...
| От | Tom Lane |
|---|---|
| Тема | Re: [HACKERS] Re: Patch to include PAM support... |
| Дата | |
| Msg-id | 29626.998714872@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Patch to include PAM support... ("Dominic J. Eidson" <sauron@the-infinite.org>) |
| Список | pgsql-patches |
"Dominic J. Eidson" <sauron@the-infinite.org> writes:
>> Could we change the PAM code so that it tries to run the PAM auth cycle
>> immediately on receipt of a connection request? If it gets a callback
>> for a password, it abandons the PAM conversation, sends off a password
>> request packet, and then tries again when the password comes back.
> I am attempting to do this in a way that's relatively elegant, and the
> code should get sent to -patches tomorrow sometime , after I've had time
> to do some testing.
I think that the main objection to the original form of the PAM patch
was that it would lock up the postmaster until the client responded.
However, that is *not* a concern any longer, since the current code
forks first and authenticates after. Accordingly, you shouldn't be
complexifying the PAM code to avoid waits.
regards, tom lane
В списке pgsql-patches по дате отправления: