Re: [GENERAL] pam authentication for postgres

Wed, 26 Nov 2003 17:26:09 -0800

Jason,

it seems you are unfamiliar with the basic rules of user support. If you try to filter as much as possible and only post the tiny snippets of information "you" think are important, the chances that someone else finds the point you overlooked are close to none.

Please post a comprehensive description of what you're trying to do together with the configuration files you use.


Jan

Jason Tesser wrote:

sorry for teh double posting I forgot the steps at the end

OK I am still trying to get pam working

here is the messages I have is the log from trying to log in

Nov 26 08:55:16 localhost postgresql(pam_unix)[22693]: authentication failure; 
logname= uid=26 euid=26 tty= ruser= rhost=  user=cherring
Nov 26 08:55:16 localhost pam_winbind[22693]: user 'cherring' granted acces

as you can see winbind is actually granting access but fro some reason poasgres still denies it. weird. any ideas.

the steps I have done are listed below 
note: i'm no sysad, nor do i even pretend to understand pam, the linux kernel,
or postgresql, but this setup is a safe, working, postgresql/linux/pam setup.

0) configure postgresql for pam, for example

      [root ( at ) omega tmp]# grep pam /usr/local/pgsql/data/pg_hba.conf
      host    all         all          137.75.0.0        255.255.0.0       pam

1) create a /etc/pam.d/postgresql entry, here's how i did mine

[root ( at ) omega tmp]# cp /etc/pam.d/passwd /etc/pam.d/postgresql

i don't know if it's the best setup, but it works! mine looks like this

      [root ( at ) omega tmp]# cat /etc/pam.d/postgresql
      #%PAM-1.0
      auth       required     /lib/security/pam_stack.so service=system-auth
      account    required     /lib/security/pam_stack.so service=system-auth
      password   required     /lib/security/pam_stack.so service=system-auth


---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
      joining column's datatypes do not match



--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== [EMAIL PROTECTED] #


---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
     joining column's datatypes do not match

Reply via email to