Home > mailing lists

Re: pam auth - add rhost item - Mailing list pgsql-hackers

From	kolo hhmow
Subject	Re: pam auth - add rhost item
Date	October 15, 2015 00:59:12
Msg-id	CAN4hRaZdM6fLbeG1WMjypYpay+xSWmKCAAa0Q1pbfeDjHL-Ucw@mail.gmail.com Whole thread Raw
In response to	Re: pam auth - add rhost item (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

Yes, you right - my mistake.

But editing pg_hba.conf with lot of entries is little inconveniet. When using pam modules with backend database like postgresql/or whatever

is more efficient and convenient - this is whay among others I need pass client ip to pam modules, and then to backend database for example.

So I'm waiting for comments from others.

Thanks.

On Wed, Oct 14, 2015 at 9:52 PM, Robert Haas <robertmhaas@gmail.com> wrote:

On Tue, Oct 13, 2015 at 4:12 PM, kolo hhmow <grzsmp@gmail.com> wrote:
> Yes, sorry. I was in hurry when I posted this message.
> I dont understand whay in CheckPAMAuth function only PAM_USER item is adding
> to pam information before authenticate?
> Wheter it would be a problem to set additional pam information like
> PAM_RHOST which is very useful because we can use this item to restrict
> access to this ip address.
> I hope I'm more specific now and you will understand me.
> Sorry, but I'm not native english speaker.
> Patch in attachment, and link below to web-view on github:
> https://github.com/grzsmp/postgres/commit/5e2b102ec6de27e786d627623dcb187e997609e4

I don't personally know much about PAM, but if you want to restrict
access by IP, you could do that in pg_hba.conf.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Robert Haas
Date: 14 October 2015, 23:57:25
Subject: Re: Getting sorted data from foreign server

From: dinesh kumar
Date: 15 October 2015, 01:29:12
Subject: Re: [PROPOSAL] DIAGNOSTICS = SKIPPED_ROW_COUNT

Re: pam auth - add rhost item - Mailing list pgsql-hackers

Previous

Next