On Thu, Oct 15, 2015 at 1:45 AM, Euler Taveira <eu...@timbira.com.br> wrote:
> On 14-10-2015 17:35, kolo hhmow wrote:
>> Yes, but this is very ugly solution, becasue you have to restart
>> postgresql daemon each time you have added a new user.
> Restart != Reload. You can even do it using SQL.
Yes, this is was my mistake.
> This solution which I propose is give an abbility to dinamicaly manage
>> user accounts without need to restart each time a user account entry has
> Why do you want to double restrict the access? We already have HBA. Also,
> you could complicate the management because you need to check two different
> service configurations to figure out why foo user can't log in. I'm not a
> PAM expert but my impression is that rhost is an optional item. Therefore,
> advise PAM users to use HBA is a way to not complicate the actual feature.
> I have already explained this in my previous post. Did you read this?
So why postgresql give users an abbility to use a pam modules, when in
other side there is advice to not use them?
I do not see any complication with this approach. Just use one
configuration entry in pg_hba.conf, and rest entries in some database
backend of pam module, which is most convenient with lot of entries than
Yes rhost is optional item, which is not actually set to pam information in
ofical source code and this is why I need add this patch.
> Euler Taveira Timbira - http://www.timbira.com.br/
> PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento