Re: postgresql 7.4.6 and pam_ldap

From: Thomas Leduc <thomas(dot)leduc(at)cerma(dot)archi(dot)fr>
To: Gémes Géza <geza(at)kzsdabas(dot)sulinet(dot)hu>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: postgresql 7.4.6 and pam_ldap
Date: 2005-01-06 09:19:01
Message-ID: 20050106091901.GA15627@volga.lan.cerma.archi.fr
Lists: pgsql-admin

On 5 January 2005 at 22:20, Gémes Géza wrote:
>
> I would suggest to retry it with a postgres user readable
> /etc/pam.d/postgresql
> and with a pg_hba.conf without postgres specified on the last field after
> pam. Also if you want ldap authentication, take care, that in
> /etc/pam.d/postgresql you don't reference any other non pam_ldap module,
> and your /etc/ldap.conf is readable by postgres user.

Thank you for your help.
That's all I have done:

$ id
uid=26(postgres) gid=26(postgres) groupes=26(postgres)

$ cat /etc/pam.d/postgresql
auth required /lib/security//pam_ldap.so

$ cat pg_hba.conf
local all postgres ident sameuser
local all all pam
host all all 127.0.0.1/32 pam
host all all 192.168.10.0/24 pam

$ sed '/^#/d;/^$/d' /etc/ldap.conf
host 192.168.10.2
base ou=Users,dc=cerma,dc=archi,dc=fr
ssl no
pam_password md5

$ psql -U leduc leduc
Mot de passe :
psql: FATAL: PAM authentication échouée pour l'utilisateur "leduc"
=> DID NOT WORK !!!

# tail -f /var/log/postgresql
Jan 6 10:14:06 tage postgres[21450]: [1-1] TRACE: 00000: pam_authenticate a échoué : Conversation error
Jan 6 10:14:06 tage postgres[21450]: [1-2] EMPLACEMENT : CheckPAMAuth, auth.c:712
Jan 6 10:14:06 tage postgres[21450]: [2-1] FATAL: 28000: PAM authentication échouée pour l'utilisateur "leduc"
Jan 6 10:14:06 tage postgres[21450]: [2-2] EMPLACEMENT : auth_failed, auth.c:395
Jan 6 10:14:06 tage postgres[21450]: [3-1] ERREUR: 08006: Impossible d'envoyer les données du client : Relais brisé (pipe)
Jan 6 10:14:06 tage postgres[21450]: [3-2] EMPLACEMENT : internal_flush, pqcomm.c:1000
Jan 6 10:14:09 tage postgres[21451]: [1-1] TRACE: 00000: pam_acct_mgmt a échoué : User account has expired
Jan 6 10:14:09 tage postgres[21451]: [1-2] EMPLACEMENT : CheckPAMAuth, auth.c:723
Jan 6 10:14:09 tage postgres[21451]: [2-1] FATAL: 28000: PAM authentication échouée pour l'utilisateur "leduc"
Jan 6 10:14:09 tage postgres[21451]: [2-2] EMPLACEMENT : auth_failed, auth.c:395

=> "User account has expired" seems not to be true !

--
Thomas LEDUC

CNRS UMR 1563 - Laboratoire CERMA - Ecole d'Architecture de Nantes
Tel: +33 (0) 2 40 59 04 59 -- Fax : +33 (0) 2 40 59 11 77
EAN - Rue Massenet - BP 81931 - 44319 NANTES cedex 3
GPG KeyID: B2342343 Fingerprint: D62CF1A9D4BEDE671602504C46514CC8B2342343
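
Added example, not part of the message above and not PostgreSQL code: a Python script that reads syslog lines of the shape quoted in the message, maps each failing PAM call to its management group (pam_authenticate -> auth, pam_acct_mgmt -> account), and checks whether the service file has a line for that group. The function names and the embedded sample data are assumptions constructed for this example.

```python
import re

# Constructed samples, shaped like the log and service file quoted in the message.
SAMPLE_LOG = """\
Jan 6 10:14:06 tage postgres[21450]: [1-1] TRACE: 00000: pam_authenticate a échoué : Conversation error
Jan 6 10:14:06 tage postgres[21450]: [2-1] FATAL: 28000: PAM authentication échouée pour l'utilisateur "leduc"
Jan 6 10:14:09 tage postgres[21451]: [1-1] TRACE: 00000: pam_acct_mgmt a échoué : User account has expired
"""
SAMPLE_PAM = "auth required /lib/security//pam_ldap.so\n"

# PAM library call -> management group keyword used in /etc/pam.d/<service>
STAGE = {"pam_authenticate": "auth", "pam_acct_mgmt": "account"}
LOG_RE = re.compile(
    r"postgres\[(\d+)\]: \[\d+-\d+\] \w+:\s+\w+: (pam_\w+) [^:]*: (.+)$")


def configured_groups(pam_text):
    """Management groups that have at least one module line.

    '@include' lines are skipped, not followed, so a group supplied only
    through an include is reported as missing (limitation of this example).
    """
    groups = set()
    for line in pam_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("@"):
            continue
        groups.add(line.split()[0].lstrip("-"))  # "-auth" is an optional-module form
    return groups


def pam_failures(log_text, pam_text):
    """One record per failed PAM call found in the log, in log order."""
    groups = configured_groups(pam_text)
    records = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m.group(2) not in STAGE:
            continue
        group = STAGE[m.group(2)]
        # When a group has no line in the service file, Linux-PAM uses the
        # "other" service for that group.
        records.append({"pid": int(m.group(1)), "call": m.group(2),
                        "group": group, "reason": m.group(3).strip(),
                        "group_configured": group in groups})
    return records


if __name__ == "__main__":
    for rec in pam_failures(SAMPLE_LOG, SAMPLE_PAM):
        print(rec)
```
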
