Re: pam auth - add rhost item

Поиск
Список
Период
Сортировка
От kolo hhmow
Тема Re: pam auth - add rhost item
Дата
Msg-id CAN4hRaYH8VNW7137ApGj=MTeMAp3X8O4bKrSKW-gph7-4VidQQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: pam auth - add rhost item  (Euler Taveira <euler@timbira.com.br>)
Список pgsql-hackers
Дерево обсуждения


On Fri, Oct 16, 2015 at 2:47 PM, Euler Taveira <euler@timbira.com.br> wrote:
On 15-10-2015 05:41, kolo hhmow wrote:
I have already explained this in my previous post. Did you read this?
>
 Yes, I do.

So why postgresql give users an abbility to use a pam modules, when in
other side there is advice to not use them?
Anyway.
>
 Where is such advise? I can't see it in docs [1].
 
Not in docs. You gave such advice:
"Therefore, advise PAM users to use HBA is a way to not complicate the actual feature".
 

I do not see any complication with this approach. Just use one
configuration entry in pg_hba.conf, and rest entries in some database
backend of pam module, which is most convenient with lot of entries than
editing pg_hba.conf.

 Why don't you use a group role? I need just one entry in pg_hba.conf.


[1] http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PAM
[2] http://www.postgresql.org/docs/current/static/role-membership.html


Because cannot restrict from what ip address client can connet in such way.
You can restrict only whole group, not just individual member of such group, or I misunderstand something.
 
 

--
   Euler Taveira                   Timbira - http://www.timbira.com.br/
   PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: TODO list updates
Следующее
От: Tom Lane
Дата:
Сообщение: Re: Error creating gin index on jsonb columns