Re: pam auth - add rhost item
| От | kolo hhmow |
|---|---|
| Тема | Re: pam auth - add rhost item |
| Дата | |
| Msg-id | CAN4hRaYH8VNW7137ApGj=MTeMAp3X8O4bKrSKW-gph7-4VidQQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: pam auth - add rhost item (Euler Taveira <euler@timbira.com.br>) |
| Список | pgsql-hackers |
On Fri, Oct 16, 2015 at 2:47 PM, Euler Taveira <euler@timbira.com.br> wrote:
On 15-10-2015 05:41, kolo hhmow wrote:I have already explained this in my previous post. Did you read this?>
Yes, I do.So why postgresql give users an abbility to use a pam modules, when in>
other side there is advice to not use them?
Anyway.
Where is such advise? I can't see it in docs [1].
Not in docs. You gave such advice:
"Therefore, advise PAM users to use HBA is a way to not complicate the actual feature".
"Therefore, advise PAM users to use HBA is a way to not complicate the actual feature".
I do not see any complication with this approach. Just use oneWhy don't you use a group role? I need just one entry in pg_hba.conf.
configuration entry in pg_hba.conf, and rest entries in some database
backend of pam module, which is most convenient with lot of entries than
editing pg_hba.conf.
[1] http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PAM
[2] http://www.postgresql.org/docs/current/static/role-membership.html
Because cannot restrict from what ip address client can connet in such way.
You can restrict only whole group, not just individual member of such group, or I misunderstand something.
--
Euler Taveira Timbira - http://www.timbira.com.br/
PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento
В списке pgsql-hackers по дате отправления: