Am 30.11.2011 09:26, schrieb Magnus Hagander:
I don't believe we do teardown using PAM, just session start. So you'd have to have your PAM module check the current state of postgresql every time - not keep some internal state.
Okay, that's too bad - if connlimit doesn't do the trick, I'll try and see how PAM is used, and possibly patch the respective session teardown-functionality into the server (which shouldn't be too hard, I guess).
FWIW, another option for writing your authentication module is to write a simple RADIUS server running on the same box. It's pretty trivial to do, especially in a high level language. The end result is the same as if you use PAM - you get custom authentication that can apply specific checks.
I'm much more used to writing PAM modules (which I've already done for authentication used by an FTP-server), so that'd be my first route to go, but keeping this in mind is handy, too. Thanks!
-- --- Heiko. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
