On Sun, Apr 14, 2019 at 4:06 AM Peter J. Holzer <hjp-pgsql@xxxxxx> wrote:
If you want to prevent a user from logging in (which is functionally
equivalent but a bit stronger than "instantly kick off"), then this is
definitely something that could and should be implemented via PAM (I'm
not sure what information is passed to PAM, so you might get the IP
address but not the application name (the latter can't be trusted
anyway), for example).
I think the only information you can reliably count on is the user name. IP addresses may not be the true IP address of the user if there's some kind of relay or cache in place.
Having been through the PCI compliance wringer a few times, I wish the OP luck.
--
Mike Nolan
