Re: [HACKERS] Proposal: BSD Authentication support

2016-04-08 Thread Pierre-Emmanuel André
On Fri, Mar 18, 2016 at 06:30:35PM +1300, Thomas Munro wrote: > On Fri, Mar 18, 2016 at 12:49 PM, Marisa Emerson wrote: > > On 18/03/16 03:57, Thomas Munro wrote: > >> > >> You used one name in the docs and another in the code: > >> > >> +BSD Authentication on PostgreSQL uses

Re: [HACKERS] Proposal: BSD Authentication support

2016-04-08 Thread Tom Lane
Marisa Emerson writes: > Woops, fix attached. Pushed with minor adjustments. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers

Re: [HACKERS] Proposal: BSD Authentication support

2016-04-08 Thread Tom Lane
David Steele writes: > On 4/8/16 11:20 AM, Robert Haas wrote: >> Should we commit this patch? > To summarize: > Robert Haas and Peter Eisentraut have done code-only reviews. Thomas > Munro has reviewed and tested with a caveat that he is no BSD expert. > Pierre-Emmanuel

Re: [HACKERS] Proposal: BSD Authentication support

2016-04-08 Thread David Steele
On 4/8/16 11:20 AM, Robert Haas wrote: > On Fri, Apr 8, 2016 at 6:48 AM, Pierre-Emmanuel André > wrote: >> On Fri, Mar 18, 2016 at 06:30:35PM +1300, Thomas Munro wrote: >>> On Fri, Mar 18, 2016 at 12:49 PM, Marisa Emerson wrote: On 18/03/16 03:57, Thomas

Re: [HACKERS] Proposal: BSD Authentication support

2016-04-08 Thread Robert Haas
On Fri, Apr 8, 2016 at 6:48 AM, Pierre-Emmanuel André wrote: > On Fri, Mar 18, 2016 at 06:30:35PM +1300, Thomas Munro wrote: >> On Fri, Mar 18, 2016 at 12:49 PM, Marisa Emerson wrote: >> > On 18/03/16 03:57, Thomas Munro wrote: >> >> >> >> You used one name in

Re: [HACKERS] Proposal: BSD Authentication support

2016-03-19 Thread Thomas Munro
On Fri, Mar 18, 2016 at 2:58 AM, Marisa Emerson wrote: > >>Our usual wording is "the PostgreSQL user account". Perhaps we should >>be more explicit about the fact that membership of this Unix group is >>needed on *OpenBSD*, since other current or future BSD forks could >>vary. I

Re: [HACKERS] Proposal: BSD Authentication support

2016-03-19 Thread Thomas Munro
On Fri, Mar 18, 2016 at 12:49 PM, Marisa Emerson wrote: > On 18/03/16 03:57, Thomas Munro wrote: >> >> You used one name in the docs and another in the code: >> >> +BSD Authentication on PostgreSQL uses the >> auth-postgres >> +login type and authenticates with the postgres

Re: [HACKERS] Proposal: BSD Authentication support

2016-03-18 Thread Marisa Emerson
>Our usual wording is "the PostgreSQL user account". Perhaps we should >be more explicit about the fact that membership of this Unix group is >needed on *OpenBSD*, since other current or future BSD forks could >vary. I see that the specific reason this is needed on this OpenBSD >5.8 box is so

Re: [HACKERS] Proposal: BSD Authentication support

2016-03-18 Thread Marisa Emerson
On 18/03/16 03:57, Thomas Munro wrote:
You used one name in the docs and another in the code:

+BSD Authentication on PostgreSQL uses the 

Re: [HACKERS] Proposal: BSD Authentication support

On Sat, Mar 12, 2016 at 5:14 AM, David Steele wrote: > On 1/14/16 11:22 PM, Robert Haas wrote: >> On Tue, Jan 12, 2016 at 2:27 AM, Marisa Emerson wrote: >>> I've attached the latest version of this patch. I've fixed up an issue with >>> the configuration

Re: [HACKERS] Proposal: BSD Authentication support

On 3/11/16 4:38 PM, Thomas Munro wrote: > It looks like this needs review from an OpenBSD user specifically. > FreeBSD and NetBSD use PAM instead of BSD auth. FreeBSD has man pages for this stuff, so maybe they also have it now. -- Sent via pgsql-hackers mailing list

Re: [HACKERS] Proposal: BSD Authentication support

On 1/7/16 9:40 PM, Marisa Emerson wrote: > There's a port for PAM, but we would prefer to use BSD Auth as its quite > a lot cleaner and is standard on OpenBSD. > > I've attached an updated patch that includes documentation. It has been > tested against OpenBSD 5.8. I'll add this thread to the

Re: [HACKERS] Proposal: BSD Authentication support

On Sat, Mar 12, 2016 at 5:14 AM, David Steele wrote: > On 1/14/16 11:22 PM, Robert Haas wrote: >> On Tue, Jan 12, 2016 at 2:27 AM, Marisa Emerson wrote: >>> I've attached the latest version of this patch. I've fixed up an issue with >>> the configuration

Re: [HACKERS] Proposal: BSD Authentication support

On 1/14/16 11:22 PM, Robert Haas wrote: > On Tue, Jan 12, 2016 at 2:27 AM, Marisa Emerson wrote: >> I've attached the latest version of this patch. I've fixed up an issue with >> the configuration scripts that I missed. > Looks reasonable on a quick read-through. Can anyone with

Re: [HACKERS] Proposal: BSD Authentication support

On Thu, Jan 14, 2016 at 11:59 PM, Chapman Flack wrote: > Forgive my late comment ... I haven't used the PAM support in postgresql > either, or I'd know. PAM (I know for sure), and I suppose similarly BSD > Authentication, models a generalized auth interaction where a given

Re: [HACKERS] Proposal: BSD Authentication support

On Tue, Jan 12, 2016 at 2:27 AM, Marisa Emerson wrote: > I've attached the latest version of this patch. I've fixed up an issue with > the configuration scripts that I missed. Looks reasonable on a quick read-through. Can anyone with access to a BSD system review and test? --

Re: [HACKERS] Proposal: BSD Authentication support

Forgive my late comment ... I haven't used the PAM support in postgresql either, or I'd know. PAM (I know for sure), and I suppose similarly BSD Authentication, models a generalized auth interaction where a given authentication module can send a number of arbitrary prompts back to the client (via

Re: [HACKERS] Proposal: BSD Authentication support

I've attached the latest version of this patch. I've fixed up an issue with the configuration scripts that I missed. On 08/01/16 12:40, Marisa Emerson wrote: There's a port for PAM, but we would prefer to use BSD Auth as its quite a lot cleaner and is standard on OpenBSD. I've attached an

Re: [HACKERS] Proposal: BSD Authentication support

This sounds like a sensible thing to me. I'm actually surprised, it sounds like something we would have already seen. Do some people just use PAM on OpenBSD? Are both supported? You should add the patch to https://commitfest.postgresql.org to ensure it doesn't slip through the cracks. It's too

Re: [HACKERS] Proposal: BSD Authentication support

There's a port for PAM, but we would prefer to use BSD Auth as its quite a lot cleaner and is standard on OpenBSD. I've attached an updated patch that includes documentation. It has been tested against OpenBSD 5.8. I'll add this thread to the commitfest. On 07/01/16 23:26, Greg Stark wrote: