Re: pam auth - add rhost item

Поиск
Список
Период
Сортировка
От kolo hhmow
Тема Re: pam auth - add rhost item
Дата
Msg-id CAN4hRaYr4Wxu7KRw-8bu0mnUp2dNJEDMGtHwiauo_ijAR=UfOg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: pam auth - add rhost item  (Euler Taveira <euler@timbira.com.br>)
Ответы Re: pam auth - add rhost item  (Euler Taveira <euler@timbira.com.br>)
Список pgsql-hackers
Дерево обсуждения

On Thu, Oct 15, 2015 at 1:45 AM, Euler Taveira <euler@timbira.com.br> wrote:
On 14-10-2015 17:35, kolo hhmow wrote:
Yes, but this is very ugly solution, becasue you have to restart
postgresql daemon each time you have added a new user.
>
 Restart != Reload. You can even do it using SQL.

Yes, this is was my mistake.
 

This solution which I propose is give an abbility to dinamicaly manage
user accounts without need to restart each time a user account entry has
change.
>
 Why do you want to double restrict the access? We already have HBA. Also, you could complicate the management because you need to check two different service configurations to figure out why foo user can't log in. I'm not a PAM expert but my impression is that rhost is an optional item. Therefore, advise PAM users to use HBA is a way to not complicate the actual feature.


I have already explained this in my previous post. Did you read this?
So why postgresql give users an abbility to use a pam modules, when in other side there is advice to not use them?
Anyway.
I do not see any complication with this approach. Just use one configuration entry in pg_hba.conf, and rest entries in some database backend of pam module, which is most convenient with lot of entries than editing pg_hba.conf.
Yes rhost is optional item, which is not actually set to pam information in ofical source code and this is why I need add this patch.
 
--
   Euler Taveira                   Timbira - http://www.timbira.com.br/
   PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Craig Ringer
Дата:
Сообщение: PATCH: 9.5 replication origins fix for logical decoding
Следующее
От: Andres Freund
Дата:
Сообщение: Re: PATCH: 9.5 replication origins fix for logical decoding