Re: pam auth - add rhost item

Поиск
Список
Период
Сортировка
От kolo hhmow
Тема Re: pam auth - add rhost item
Дата
Msg-id CAN4hRaYjxOiJPvE41q4XS4wbmnKb-Kc7z7yAS7W6u3vX7dT6xQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: pam auth - add rhost item  (Robert Haas <robertmhaas@gmail.com>)
Ответы Re: pam auth - add rhost item
Список pgsql-hackers
Дерево обсуждения
Yes, but this is very ugly solution, becasue you have to restart postgresql daemon each time you have added a new user.
This solution which I propose is give an abbility to dinamicaly manage user accounts without need to restart each time a user account entry has change.
When you have lot of actively users using postgresql service, you cannot restart the server each time somebody add, or remove some user account entry from the system.
This is whay we uses pam modules with pam-pgsql and with this patch.

On Wed, Oct 14, 2015 at 9:52 PM, Robert Haas <robertmhaas@gmail.com> wrote:
On Tue, Oct 13, 2015 at 4:12 PM, kolo hhmow <grzsmp@gmail.com> wrote:
> Yes, sorry. I was in hurry when I posted this message.
> I dont understand whay in CheckPAMAuth function only PAM_USER item is adding
> to pam information before authenticate?
> Wheter it would be a problem to set additional pam information like
> PAM_RHOST which is very useful because we can use this item to restrict
> access to this ip address.
> I hope I'm more specific now and you will understand me.
> Sorry, but I'm not native english speaker.
> Patch in attachment, and link below to web-view on github:
> https://github.com/grzsmp/postgres/commit/5e2b102ec6de27e786d627623dcb187e997609e4

I don't personally know much about PAM, but if you want to restrict
access by IP, you could do that in pg_hba.conf.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

В списке pgsql-hackers по дате отправления: