Magnus, * Magnus Hagander (mag...@hagander.net) wrote: > The attached patch implements RADIUS authentication (RFC2865-compatible).
Great! We have a few environments which use RADIUS auth, nice that PG might be able to use that auth method in the future. I'm not a fan of having the shared secret stored in a 'regular' config file. Could you support, or maybe just change it to, breaking that out into another file? Perhaps something simimlar to how pam_radius_auth works, where you can also list multiple servers? http://freeradius.org/pam_radius_auth/ Would also allow using the same file for multiple RADIUS-based servers.. I know pg_hba.conf can just be set to have minimal permissions (and is on Debian), but that's the kind of file that tends to end up in things like subversion repositories or puppet configs where they aren't treated as carefully since, generally, what's in them doesn't come across as super-sensetive. Thanks, Stephen
signature.asc
Description: Digital signature
