On Thu, Jan 14, 2016 at 11:59 PM, Chapman Flack <c...@anastigmatix.net> wrote: > Forgive my late comment ... I haven't used the PAM support in postgresql > either, or I'd know. PAM (I know for sure), and I suppose similarly BSD > Authentication, models a generalized auth interaction where a given > authentication module can send a number of arbitrary prompts back to the > client (via callbacks so different protocols and UIs can be used), and > demand a number of arbitrary responses, so that a variety of authentication > schemes can easily be supported. > > Is the PostgreSQL support (for either PAM or BSD Authentication) able to > handle that in its designed generality, or only for the case (number of > requested items = 1, item 1 = a password)? > > Could the general form be handled with the existing fe/be protocol, > or would the protocol have to grow?
We support something like this for GSS, but not for other authentication methods. See: http://www.postgresql.org/docs/current/static/protocol-flow.html -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
