Yes, you right - my mistake. But editing pg_hba.conf with lot of entries is little inconveniet. When using pam modules with backend database like postgresql/or whatever is more efficient and convenient - this is whay among others I need pass client ip to pam modules, and then to backend database for example. So I'm waiting for comments from others. Thanks.
On Wed, Oct 14, 2015 at 9:52 PM, Robert Haas <robertmh...@gmail.com> wrote: > On Tue, Oct 13, 2015 at 4:12 PM, kolo hhmow <grz...@gmail.com> wrote: > > Yes, sorry. I was in hurry when I posted this message. > > I dont understand whay in CheckPAMAuth function only PAM_USER item is > adding > > to pam information before authenticate? > > Wheter it would be a problem to set additional pam information like > > PAM_RHOST which is very useful because we can use this item to restrict > > access to this ip address. > > I hope I'm more specific now and you will understand me. > > Sorry, but I'm not native english speaker. > > Patch in attachment, and link below to web-view on github: > > > https://github.com/grzsmp/postgres/commit/5e2b102ec6de27e786d627623dcb187e997609e4 > > I don't personally know much about PAM, but if you want to restrict > access by IP, you could do that in pg_hba.conf. > > -- > Robert Haas > EnterpriseDB: http://www.enterprisedb.com > The Enterprise PostgreSQL Company >
