Re: Patch to include PAM support...

Bruce Momjian writes:

> OK, care to give a thumbs up on the patch?
>
>     http://candle.pha.pa.us/cgi-bin/pgpatches

From static inspection I have some doubts about whether this patch would
operate correctly.  The way it is implemented is that if the backend is
instructed to use PAM authentication it pretends to the frontend that
password authentication is going on.  This would probably work correctly
if your PAM setup is that you require exactly one password from the user.
But if the PAM setup does not require a password (Kerberos, rhosts
modules?) it would involve a useless exchange (and possibly prompt) for a
password.  More importantly, though, if the PAM configuration requires
more than one password (perhaps the password is due to be changed), this
implementation will fail (to authenticate).

Dominic, any comments?

--
Peter Eisentraut   peter_e@gmx.net   http://funkturm.homeip.net/~peter