Tom Lane wrote:

"Keith G. Murphy" <[EMAIL PROTECTED]> writes:

Hmmm, mightn't it be kind of nice if there were PAM or krb5 maps in addition to ident maps?


ISTM the whole point of PAM is that you plug in your desired security
policy outside of the application.  You shouldn't be asking for more
security frammishes from Postgres, you should be off coding a PAM module
that does things exactly the way you want.


I believe I see what you mean. Given the original premise, I imagine you could have the PAM module do something like:


(1) Authenticate via LDAP using the user's username and password

(2) Look up the "role" name (real PostgreSQL username) via LDAP, using the username

(3) Tell PostgreSQL that the user is authenticated under role name.

I really hadn't thought much about how the PAM module might work.
--
Why waste time learning when ignorance is instantaneous?
        -- Hobbes

