On Thu, Jan 14, 2016 at 11:59 PM, Chapman Flack <chap@anastigmatix.net> wrote:
> Forgive my late comment ... I haven't used the PAM support in postgresql
> either, or I'd know. PAM (I know for sure), and I suppose similarly BSD
> Authentication, models a generalized auth interaction where a given
> authentication module can send a number of arbitrary prompts back to the
> client (via callbacks so different protocols and UIs can be used), and
> demand a number of arbitrary responses, so that a variety of authentication
> schemes can easily be supported.
>
> Is the PostgreSQL support (for either PAM or BSD Authentication) able to
> handle that in its designed generality, or only for the case (number of
> requested items = 1, item 1 = a password)?
>
> Could the general form be handled with the existing fe/be protocol,
> or would the protocol have to grow?
We support something like this for GSS, but not for other
authentication methods. See:
http://www.postgresql.org/docs/current/static/protocol-flow.html
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
