Home > mailing lists

[HACKERS] RADIUS fallback servers - Mailing list pgsql-hackers

From	Magnus Hagander
Subject	[HACKERS] RADIUS fallback servers
Date	February 12, 2017 18:48:24
Msg-id	CABUevEwUwqT_pQzuD+nChNsZ=H7rhhXnOoCR_dsXtKmyehBi0w@mail.gmail.com Whole thread Raw
Responses	Re: [HACKERS] RADIUS fallback servers
List	pgsql-hackers

Tree view

In a discussion at https://www.postgresql.org/message-id/55D51B54.4050902@joh.to we talked about adding RADIUS fallback servers. It never got to the point of it being done.

PFA a patch that implements this.

It supports multiple RADIUS servers. For all other parameters (secret, port, identifier) one can specify either the exact same number of entries, in which case each server gets it's own, or exactly one entry in which case that entry will apply to all servers. (Or zero entries for everything except secret, which will make it the default).

Each server is tried in order. If it responds positive, auth is OK. If it responds negative, auth is rejected. If it does not respond at all, we move on to the next one.

I'm wondering if in doing this we should also make the RADIUS timeout a configurable as HBA option, since it might become more important now?

Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

Attachment

radius_fallback.patch

pgsql-hackers by date:

From: David Rowley
Date: 12 February 2017, 14:51:26
Subject: Re: [HACKERS] Improve OR conditions on joined columns (common starschema problem)

From: Tom Lane
Date: 12 February 2017, 20:32:36
Subject: Re: [HACKERS] Improve OR conditions on joined columns (common star schema problem)

[HACKERS] RADIUS fallback servers - Mailing list pgsql-hackers

Attachment

Previous

Next