Re: pam auth - add rhost item
From | Haribabu Kommi |
---|---|
Subject | Re: pam auth - add rhost item |
Date | |
Msg-id | CAJrrPGdu+ZRHDaKQUYADTzNCQX8GPMQE9+nT0ousfnfxbKUhKA@mail.gmail.com |
In response to | Re: pam auth - add rhost item (Grzegorz Sampolski <grzsmp@gmail.com>) |
Responses | Re: pam auth - add rhost item |
List | pgsql-hackers |
On Tue, Mar 8, 2016 at 10:43 PM, Grzegorz Sampolski <grzsmp@gmail.com> wrote:
> Hi Hari.
> To use pam modules you can use whatever backend authentication method
> you want.
>
> This is example configuration:
>
> Install this library https://github.com/pam-pgsql/pam-pgsql
> Create some example database <database>, schema access and two tables:
> pam_auth and pam_account with example definition:
>
> pam_account:
> db_user character varying(16) NOT NULL,
> host character varying(255) NOT NULL
>
> pam_auth:
> db_user character varying(16) NOT NULL,
> password character varying(512) NOT NULL
>
> Sample /etc/pam_pgsql.conf:
> connect = dbname=<database> user=<user> password=<password>
> auth_query = SELECT password FROM access.pam_auth WHERE db_user = %u LIMIT 1
> acct_query = SELECT '0','0','' FROM access.pam_account WHERE db_user =
> %u AND (host = %h OR %h LIKE host) ORDER BY host DESC LIMIT 1;
> pw_type = crypt
Thanks for the details. I am able to test the host limitation based on
the host from where the connection request is given. This patch
provides the advantage of getting the connected host address
details for the PAM modules to provide/restrict the authentication.
A small change in the code, correct the following code from
+ if (retval) {
to
if (retval)
{
as per the code everywhere.
> I will try to update documentation in regard to this changes, but please
> take into account that my English isn't fluent so much. So if I'll do
> some mistakes please correct me.
I am also not a good English speaker :), but we can try to provide to
as good as possible, later community can help in correcting it if they find
any problem/improvement.
Regards,
Hari Babu
Fujitsu Australia
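
The host restriction discussed in this message, as an added example that is not part of the original e-mail or the patch: it runs the quoted acct_query against constructed rows to show which client addresses (the PAM rhost item, %h) pass. Assumptions: SQLite stands in for PostgreSQL, %u and %h are written as bound parameters, and the module is assumed to reject the account when the query returns no row.

```python
import sqlite3

# acct_query from the quoted /etc/pam_pgsql.conf, with %u and %h written as
# bound parameters (:u, :h). SQLite stands in for PostgreSQL here.
ACCT_QUERY = """
SELECT '0','0','' FROM access.pam_account
WHERE db_user = :u AND (host = :h OR :h LIKE host)
ORDER BY host DESC LIMIT 1
"""

# Constructed sample rows: (db_user, host). The host column holds either a
# literal address or a LIKE pattern matched against the client address.
SAMPLE_ROWS = [
    ("alice", "192.0.2.10"),     # one exact address
    ("bob", "198.51.100.%"),     # any address in 198.51.100.x
    ("carol", "203.0.113.1%"),   # meant as .1, but % also admits .10-.19, .1xx
]


def make_db():
    """Build an in-memory database with the access.pam_account table."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS access")
    db.execute(
        "CREATE TABLE access.pam_account ("
        "db_user VARCHAR(16) NOT NULL, host VARCHAR(255) NOT NULL)"
    )
    db.executemany("INSERT INTO access.pam_account VALUES (?, ?)", SAMPLE_ROWS)
    return db


def account_allowed(db, user, rhost):
    """True when acct_query returns a row for this user and client address.

    Assumption: the PAM module rejects the account when no row comes back.
    """
    return db.execute(ACCT_QUERY, {"u": user, "h": rhost}).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for user, rhost in [("alice", "192.0.2.10"), ("alice", "192.0.2.11"),
                        ("bob", "198.51.100.77"), ("bob", "192.0.2.10"),
                        ("carol", "203.0.113.1"), ("carol", "203.0.113.150")]:
        print(f"{user:5} from {rhost:15} -> {account_allowed(db, user, rhost)}")
```

Because `%h LIKE host` treats the stored host value as a pattern, a trailing `%` or a `_` in that column widens the set of accepted client addresses, as the carol row shows.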