Yes, but this is very ugly solution, becasue you have to restart postgresql daemon each time you have added a new user.
> Restart != Reload. You can even do it using SQL.
Yes, this is was my mistake.
This solution which I propose is give an abbility to dinamicaly manage user accounts without need to restart each time a user account entry has change.
> Why do you want to double restrict the access? We already have HBA. Also, you could complicate the management because you need to check two different service configurations to figure out why foo user can't log in. I'm not a PAM expert but my impression is that rhost is an optional item. Therefore, advise PAM users to use HBA is a way to not complicate the actual feature.
I have already explained this in my previous post. Did you read this?
So why postgresql give users an abbility to use a pam modules, when in other side there is advice to not use them?
Anyway.
I do not see any complication with this approach. Just use one configuration entry in pg_hba.conf, and rest entries in some database backend of pam module, which is most convenient with lot of entries than editing pg_hba.conf.
Yes rhost is optional item, which is not actually set to pam information in ofical source code and this is why I need add this patch.