On Thu, Oct 15, 2015 at 1:45 AM, Euler Taveira <eu...@timbira.com.br> wrote:
> On 14-10-2015 17:35, kolo hhmow wrote: > >> Yes, but this is very ugly solution, becasue you have to restart >> postgresql daemon each time you have added a new user. >> > > > Restart != Reload. You can even do it using SQL. > Yes, this is was my mistake. > > This solution which I propose is give an abbility to dinamicaly manage >> user accounts without need to restart each time a user account entry has >> change. >> > > > Why do you want to double restrict the access? We already have HBA. Also, > you could complicate the management because you need to check two different > service configurations to figure out why foo user can't log in. I'm not a > PAM expert but my impression is that rhost is an optional item. Therefore, > advise PAM users to use HBA is a way to not complicate the actual feature. > > > I have already explained this in my previous post. Did you read this? So why postgresql give users an abbility to use a pam modules, when in other side there is advice to not use them? Anyway. I do not see any complication with this approach. Just use one configuration entry in pg_hba.conf, and rest entries in some database backend of pam module, which is most convenient with lot of entries than editing pg_hba.conf. Yes rhost is optional item, which is not actually set to pam information in ofical source code and this is why I need add this patch. > -- > Euler Taveira Timbira - http://www.timbira.com.br/ > PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento >