On Tue, Jun 15, 2010 at 8:37 AM, Stephen Frost <sfr...@snowman.net> wrote: > KaiGai, > > * KaiGai Kohei (kai...@ak.jp.nec.com) wrote: >> In the attached patch, the security hook was moved to ClientAuthentication() >> from InitPostgres(), for more clarification of the purpose. >> What I want to do is to assign additional properties to identify the client >> (such as security label) for each authenticated session. >> >> Its purpose is similar to "session" module of PAM in operating system. >> It allows to assign additional session properties more than user-id. > > That's all fine- but let's work within the confines of the *existing* > hook that's been discussed to get something working first before we go > adding hooks in other places. I think it's important that we put > together at least a proof of concept that an SELinux module or other > external auth module can sensible use the DML hook.
+1. > After that, we can discuss what other hooks are needed. KaiGai, please, > before sending in patches of any kind, propose at a high-level what the > problem is and what the security module needs in general terms. If you > have a recommendation, that's fine, but let's talk about it before > implementing anything. +2. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise Postgres Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
