Am 30.11.2011 09:26, schrieb Magnus Hagander:
> I don't believe we do teardown using PAM, just session start. So you'd
> have to have your PAM module check the current state of postgresql
> every time - not keep some internal state.
Okay, that's too bad - if connlimit doesn't do the trick, I'll try and
see how PAM is used, and possibly patch the respective session
teardown-functionality into the server (which shouldn't be too hard, I
guess).
> FWIW, another option for writing your authentication module is to
> write a simple RADIUS server running on the same box. It's pretty
> trivial to do, especially in a high level language. The end result is
> the same as if you use PAM - you get custom authentication that can
> apply specific checks.
I'm much more used to writing PAM modules (which I've already done for
authentication used by an FTP-server), so that'd be my first route to
go, but keeping this in mind is handy, too. Thanks!
--
--- Heiko.