On Fri, Oct 16, 2015 at 2:47 PM, Euler Taveira <eu...@timbira.com.br> wrote:
> On 15-10-2015 05:41, kolo hhmow wrote:
>
>> I have already explained this in my previous post. Did you read this?
>
> Yes, I do.
>
>> So why does postgresql give users an ability to use pam modules, when on
>> the other side there is advice to not use them?
>> Anyway.
>
> Where is such advice? I can't see it in docs [1].

Not in docs. You gave such advice: "Therefore, advise PAM users to use HBA is a way to not complicate the actual feature".

>> I do not see any complication with this approach. Just use one
>> configuration entry in pg_hba.conf, and rest entries in some database
>> backend of pam module, which is most convenient with lot of entries than
>> editing pg_hba.conf.
>>
>> Why don't you use a group role? I need just one entry in pg_hba.conf.
>
> [1] http://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PAM
> [2] http://www.postgresql.org/docs/current/static/role-membership.html

Because I cannot restrict from what IP address a client can connect in such a way. You can restrict only the whole group, not just an individual member of such a group, or I misunderstand something.

> --
> Euler Taveira                   Timbira - http://www.timbira.com.br/
> PostgreSQL: Consulting, Development, 24x7 Support and Training