Re: [HACKERS] pam auth - add rhost item

2016-04-08 Thread Peter Eisentraut
On 03/22/2016 04:29 PM, Grzegorz Sampolski wrote: > New patch, which changes pamservice parameter from pamusedns to pam_use_hostname. committed

Re: [HACKERS] pam auth - add rhost item

2016-03-22 Thread Grzegorz Sampolski
New patch, which changes pamservice parameter from pamusedns to pam_use_hostname. On 03/21/2016 10:59 AM, Grzegorz Sampolski wrote: > Ok. So if no one objected to the evening - in my time zone of course :) > I will change pamusedns to pam_use_hostname. > > On 03/21/2016 08:43 AM, Haribabu Kommi

Re: [HACKERS] pam auth - add rhost item

2016-03-21 Thread Grzegorz Sampolski
Ok. So if no one objected to the evening - in my time zone of course :) I will change pamusedns to pam_use_hostname. On 03/21/2016 08:43 AM, Haribabu Kommi wrote: > On Wed, Mar 16, 2016 at 10:46 PM, Grzegorz Sampolski wrote: >> Hi. >> Can be, but as you mentioned OS resolver can

Re: [HACKERS] pam auth - add rhost item

2016-03-21 Thread Haribabu Kommi
On Wed, Mar 16, 2016 at 10:46 PM, Grzegorz Sampolski wrote: > Hi. > Can be, but as you mentioned OS resolver can be configured to not use > dns at all. So much more appropriate will be pam_try_hostname if we want > to be more accurate. > But for me pamusedns, pam_use_hostname

Re: [HACKERS] pam auth - add rhost item

2016-03-19 Thread Grzegorz Sampolski
Hi. Can be, but as you mentioned OS resolver can be configured to not use dns at all. So much more appropriate will be pam_try_hostname if we want to be more accurate. But for me pamusedns, pam_use_hostname or pam_try_hostname all are correct as either need to use some try to resolve ip address

Re: [HACKERS] pam auth - add rhost item

2016-03-15 Thread Peter Eisentraut
On 3/10/16 8:11 AM, Grzegorz Sampolski wrote: > In attachment new patch with updated documentation and with small change > to coding style as you suggested. This patch seems fine. I'm not sure about the name "pamusedns" for the option, since we use the OS resolver, which might not actually use

Re: [HACKERS] pam auth - add rhost item

2016-03-12 Thread Haribabu Kommi
On Sun, Mar 13, 2016 at 8:07 AM, Grzegorz Sampolski wrote: > Hi. > Thank you for improve documentation and yes I'm fine with this changes. Thanks. changed the patch status as ready for committer. Regards, Hari Babu Fujitsu Australia

Re: [HACKERS] pam auth - add rhost item

2016-03-12 Thread Grzegorz Sampolski
Hi. Thank you for improve documentation and yes I'm fine with this changes. Regards. Grzegorz. On 03/12/2016 01:17 PM, Haribabu Kommi wrote: > On Fri, Mar 11, 2016 at 12:11 AM, Grzegorz Sampolski wrote: >> Hi. >> In attachment new patch with updated documentation and with small

Re: [HACKERS] pam auth - add rhost item

2016-03-12 Thread Haribabu Kommi
On Fri, Mar 11, 2016 at 12:11 AM, Grzegorz Sampolski wrote: > Hi. > In attachment new patch with updated documentation and with small change > to coding style as you suggested. Thanks for the update. Here I attached updated patch with additional documentation changes, If you

Re: [HACKERS] pam auth - add rhost item

2016-03-10 Thread Grzegorz Sampolski
Hi. In attachment new patch with updated documentation and with small change to coding style as you suggested. Regards. Grzegorz. On 03/09/2016 08:30 AM, Haribabu Kommi wrote: > On Tue, Mar 8, 2016 at 10:43 PM, Grzegorz Sampolski > wrote: >> Hi Hari.

Re: [HACKERS] pam auth - add rhost item

2016-03-08 Thread Haribabu Kommi
On Tue, Mar 8, 2016 at 10:43 PM, Grzegorz Sampolski wrote: > Hi Hari. > To use pam modules you can use whatever backend authentication method > you want. > > This is example configuration: > > Install this library https://github.com/pam-pgsql/pam-pgsql > Create some example

Re: [HACKERS] pam auth - add rhost item

2016-03-08 Thread Grzegorz Sampolski
Hi Hari. To use pam modules you can use whatever backend authentication method you want. This is example configuration: Install this library https://github.com/pam-pgsql/pam-pgsql Create some example database, schema access and two tables: pam_auth and pam_account with example definition:

Re: [HACKERS] pam auth - add rhost item

2016-03-07 Thread Haribabu Kommi
On Tue, Dec 29, 2015 at 10:46 AM, Grzegorz Sampolski wrote: > Hi. > I thought link on commitfest to github url was sufficient. > Sorry. Attached new patch. I reviewed and tested the patch. With the addition of new RHOST member to the passed items in the PAM authentication

Re: [HACKERS] pam auth - add rhost item

2015-12-28 Thread Grzegorz Sampolski
Hi. New patch available. The new status of this patch is: Needs review

Re: [HACKERS] pam auth - add rhost item

2015-12-28 Thread Grzegorz Sampolski
Hi. I send new patch: https://github.com/grzsmp/postgres/commit/3e3a1f187b71acef3f8dc0745da753fb5be821fa On 12/27/2015 05:31 PM, Grzegorz Sampolski wrote: > Hi there! > I'm alive and working on new patch. > So, I take into account all suggestions from Tomas and I'll > add additional parameter

Re: [HACKERS] pam auth - add rhost item

2015-12-28 Thread David Fetter
On Mon, Dec 28, 2015 at 03:01:07PM +, Grzegorz Sampolski wrote: > Hi. > New patch available. Please attach the patch or patch set to your email just like else does. :) Cheers, David. -- David Fetter http://fetter.org/ Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!:

Re: [HACKERS] pam auth - add rhost item

2015-12-28 Thread David Fetter
On Tue, Dec 29, 2015 at 12:46:40AM +0100, Grzegorz Sampolski wrote: > Hi. > I thought link on commitfest to github url was sufficient. > Sorry. Attached new patch. Thanks! My understanding for the reason behind the policy is that it is to ensure that patch submissions are all together in a

Re: [HACKERS] pam auth - add rhost item

2015-12-28 Thread Grzegorz Sampolski
Hi. I thought link on commitfest to github url was sufficient. Sorry. Attached new patch. On 12/28/2015 09:07 PM, David Fetter wrote: > Please attach the patch or patch set to your email just like else > does diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index cdc5bf1..d42cc76

Re: [HACKERS] pam auth - add rhost item

2015-12-27 Thread Grzegorz Sampolski
Hi there! I'm alive and working on new patch. So, I take into account all suggestions from Tomas and I'll add additional parameter `usedns' with `yes/no' values to pass resolved hostname or ip address through rhost_item. On 12/24/2015 03:35 AM, Michael Paquier wrote: > On Wed, Dec 16, 2015 at

Re: [HACKERS] pam auth - add rhost item

2015-12-23 Thread Michael Paquier
On Wed, Dec 16, 2015 at 2:53 AM, Tomas Vondra wrote: > Actually, one more thing - the patch should probably update the docs too, > because client-auth.sgml currently says this in the "auth-pam" section: > > > ... > PAM is used only to validate user

Re: [HACKERS] pam auth - add rhost item

2015-12-15 Thread Tomas Vondra
Actually, one more thing - the patch should probably update the docs too, because client-auth.sgml currently says this in the "auth-pam" section: ... PAM is used only to validate user name/password pairs. ... I believe that's no longer true, because the patch adds PAM_RHOST

Re: [HACKERS] pam auth - add rhost item

2015-12-15 Thread Tomas Vondra
Hi, On 11/25/2015 01:45 PM, Grzegorz Sampolski wrote: Well, this is not matter since pam_set_item expect this argument as a string. Besides there is not always possible to get map from ip address to hostname. So hostname is just a synonym for whatever information you can get about remote

Re: [HACKERS] pam auth - add rhost item

2015-11-25 Thread Grzegorz Sampolski
Well, this is not matter since pam_set_item expect this argument as a string. Besides there is not always possible to get map from ip address to hostname. So hostname is just a synonym for whatever information you can get about remote machine. ps. sorry for delay answer. On 11/16/2015 04:24 AM,

Re: [HACKERS] pam auth - add rhost item

2015-11-15 Thread Peter Eisentraut
On 10/13/15 4:12 PM, kolo hhmow wrote: > Yes, sorry. I was in hurry when I posted this message. > I don't understand why in CheckPAMAuth function only PAM_USER item is > adding to pam information before authenticate? > Whether it would be a problem to set additional pam information like > PAM_RHOST

Re: [HACKERS] pam auth - add rhost item

2015-11-08 Thread Michael Paquier
On Sat, Oct 17, 2015 at 1:00 AM, kolo hhmow wrote: > Ok. > Thank you all! This patch was listed twice in the CF app. I removed the duplicated entry and let this one alive: https://commitfest.postgresql.org/7/392/ Could you add your name as an author please? -- Michael

Re: [HACKERS] pam auth - add rhost item

2015-10-16 Thread Euler Taveira
On 15-10-2015 05:41, kolo hhmow wrote: I have already explained this in my previous post. Did you read this? > Yes, I do. So why postgresql give users an ability to use a pam modules, when in other side there is advice to not use them? Anyway. > Where is such advice? I can't see it in docs

Re: [HACKERS] pam auth - add rhost item

2015-10-16 Thread kolo hhmow
On Fri, Oct 16, 2015 at 2:47 PM, Euler Taveira wrote: > On 15-10-2015 05:41, kolo hhmow wrote: > >> I have already explained this in my previous post. Did you read this? >> > > > Yes, I do. > > So why postgresql give users an ability to use a pam modules, when in >> other

Re: [HACKERS] pam auth - add rhost item

2015-10-16 Thread Alvaro Herrera
Robert Haas wrote: > I think some more interesting questions are: > - Did he implement this correctly? > - Would it break anything? > - Are there lots of other knobs we should expose too instead of just one? > - What would it take to turn this into a committable patch? > - Would the cost of

Re: [HACKERS] pam auth - add rhost item

2015-10-16 Thread Robert Haas
On Fri, Oct 16, 2015 at 8:47 AM, Euler Taveira wrote: > On 15-10-2015 05:41, kolo hhmow wrote: >> >> I have already explained this in my previous post. Did you read this? > >> > Yes, I do. > >> So why postgresql give users an ability to use a pam modules, when in >> other

Re: [HACKERS] pam auth - add rhost item

2015-10-16 Thread Robert Haas
On Fri, Oct 16, 2015 at 10:50 AM, Euler Taveira wrote: >> I feel like we've got somebody new showing up to our community with an >> idea that is not obviously stupid. If we want such people to stick >> around, we should try to give their ideas a fair shake. >> > I share the

Re: [HACKERS] pam auth - add rhost item

2015-10-16 Thread Euler Taveira
On 16-10-2015 10:37, Robert Haas wrote: - Did he implement this correctly? > - Would it break anything? > I did not review the patch. - Are there lots of other knobs we should expose too instead of just one? > We are providing PAM_USER and PAM_CONV. The complete list of options are [1].

Re: [HACKERS] pam auth - add rhost item

2015-10-16 Thread kolo hhmow
Ok. Thank you all! :) On Fri, Oct 16, 2015 at 5:20 PM, Robert Haas wrote: > On Fri, Oct 16, 2015 at 10:50 AM, Euler Taveira > wrote: > >> I feel like we've got somebody new showing up to our community with an > >> idea that is not obviously stupid.

Re: [HACKERS] pam auth - add rhost item

2015-10-15 Thread kolo hhmow
On Thu, Oct 15, 2015 at 1:45 AM, Euler Taveira wrote: > On 14-10-2015 17:35, kolo hhmow wrote: > >> Yes, but this is very ugly solution, because you have to restart >> postgresql daemon each time you have added a new user. >> > > > Restart != Reload. You can even do it

Re: [HACKERS] pam auth - add rhost item

2015-10-14 Thread Robert Haas
On Tue, Oct 13, 2015 at 4:12 PM, kolo hhmow wrote: > Yes, sorry. I was in hurry when I posted this message. > I don't understand why in CheckPAMAuth function only PAM_USER item is adding > to pam information before authenticate? > Whether it would be a problem to set additional

Re: [HACKERS] pam auth - add rhost item

2015-10-14 Thread kolo hhmow
Yes, but this is very ugly solution, because you have to restart postgresql daemon each time you have added a new user. This solution which I propose is give an ability to dynamically manage user accounts without need to restart each time a user account entry has change. When you have lot of

Re: [HACKERS] pam auth - add rhost item

2015-10-14 Thread kolo hhmow
Yes, you right - my mistake. But editing pg_hba.conf with lot of entries is little inconvenient. When using pam modules with backend database like postgresql/or whatever is more efficient and convenient - this is why among others I need pass client ip to pam modules, and then to backend database

Re: [HACKERS] pam auth - add rhost item

2015-10-14 Thread Euler Taveira
On 14-10-2015 17:35, kolo hhmow wrote: Yes, but this is very ugly solution, because you have to restart postgresql daemon each time you have added a new user. > Restart != Reload. You can even do it using SQL. This solution which I propose is give an ability to dynamically manage user

Re: [HACKERS] pam auth - add rhost item

2015-10-13 Thread Robert Haas
On Mon, Oct 12, 2015 at 12:01 PM, kolo hhmow wrote: > Whether it would be a problem to set additional item (rhost) before > pam_authentication function in backend/libpq/auth.c? > It is very useful because you can restrict access to given ip address like > in mysql. > And this

Re: [HACKERS] pam auth - add rhost item

2015-10-13 Thread kolo hhmow
Yes, sorry. I was in hurry when I posted this message. I don't understand why in CheckPAMAuth function only PAM_USER item is adding to pam information before authenticate? Whether it would be a problem to set additional pam information like PAM_RHOST which is very useful because we can use this

[HACKERS] pam auth - add rhost item

2015-10-12 Thread kolo hhmow
Whether it would be a problem to set additional item (rhost) before pam_authentication function in backend/libpq/auth.c? It is very useful because you can restrict access to given ip address like in mysql. And this actually utilized in pam-pgsql, which cannot be used because rhost item is empty.