New improved version:
* fixed stupid misuse of PG_FINALLY() (oops, must have been thinking
of another language)
* realised that it was strange to have a GUC for the timeout, and made
a new HBA parameter instead
* added documentation for that
* used TimestampDifferenceMilliseconds() instead of open-coded TimestampTz maths
I don't exactly love the PG_TRY()/PG_CATCH() around the
CHECK_FOR_INTERRUPTS(). In fact this kind of CFI-with-cleanup problem
has been haunting me across several projects. For cases that memory
contexts and resource owners can't help with, I don't currently know
what else to do here. Better ideas welcome. If I just let that
socket leak because I know this backend will soon exit, I'd expect a
knock at the door from the programming police.
I don't actually know why we have
src/test/authentication/t/...{password,sasl,peer}..., but then
src/test/{kerberos,ldap,ssl}/t/001_auth.pl. For this one, I just
copied the second style, creating src/test/radius/t/001_auth.pl. I
can't explain why it should be like that, though. If I propose
another test for PAM, where should it go?