Postgres Pro
Downloads
Home   >   mailing lists

Re: pam auth - add rhost item - Mailing list pgsql-hackers

From kolo hhmow
Subject Re: pam auth - add rhost item
Date
Msg-id CAN4hRabe580wY6s716eq=WB7c6MbvLPOWhxvwYruZCW4OSW8og@mail.gmail.com
Whole thread Raw
In response to Re: pam auth - add rhost item  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: pam auth - add rhost item  (Robert Haas <robertmhaas@gmail.com>)
Re: pam auth - add rhost item  (Peter Eisentraut <peter_e@gmx.net>)
List pgsql-hackers
Tree view
Yes, sorry. I was in hurry when I posted this message.
I dont understand whay in CheckPAMAuth function only PAM_USER item is adding to pam information before authenticate?
Wheter it would be a problem to set additional pam information like PAM_RHOST which is very useful because we can use this item to restrict access to this ip address.
I hope I'm more specific now and you will understand me.
Sorry, but I'm not native english speaker.
Patch in attachment, and link below to web-view on github:
https://github.com/grzsmp/postgres/commit/5e2b102ec6de27e786d627623dcb187e997609e4

On Tue, Oct 13, 2015 at 7:08 PM, Robert Haas <robertmhaas@gmail.com> wrote:
On Mon, Oct 12, 2015 at 12:01 PM, kolo hhmow <grzsmp@gmail.com> wrote:
> Wheter it would be a problem to set additional item (rhost) before
> pam_authentication function in backend/libpq/auth.c?
> It is very useful because you can restrict access to given ip address like
> in mysql.
> And this actually utilized in pam-pgsql, wich cannot be used because rhost
> item is empty.

I can't understand what you are suggesting here.  Perhaps you could be
more specific, or propose a patch.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Attachment

pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: [PATCH] SQL function to report log message
Next
From: Rodolfo Campero
Date:
Subject: Re: Duda