From: | Dick Davies <rasputnik(at)hellooperator(dot)net> |
---|---|
To: | PostgreSQL Admin <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: PAM ldap |
Date: | 2005-01-16 09:10:30 |
Message-ID: | 20050116091030.GC26970@lb.tenfour |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
* Kavan, Dan (IMS) <KavanD(at)imsweb(dot)com> [0149 18:49]:
>
> Hi, I'm running postgresql 8.0.rc5 on SUSE.
> I have the pg_hba.conf file configured with
> local all smith ident sameuser
> host all smith ident sameuser
>
> The way authentication works with that is that configuration is that if
> I'm logged in as smith with my company ldap server I can get in, but if
> I'm not directly logged in as smith, I can't get in. Having the word
> pam in this file at all causes an error. I'd like to use pam so
> postgres could do it's own ldap/pam lookups, but I keep getting an error
> that it doesn't know what pam is. I see in the logs that the pam server
> starts, but I still get an error.
You didn't show the broken config, but assuming it's something like
# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
hostssl all all 127.0.0.1 255.255.255.255 pam
then perhaps you don't have pam support built into postgres?
> /etc/pam.d/postgresql
> auth required pam_unix2.so nullok
> account required pam_unix2.so
This is going to do unix auth, obviously, so you'll need to s/unix/ldap/ on that...
--
'You may need to metaphorically make a deal with the devil.
By 'devil' I mean robot devil and by 'metaphorically' I mean get your coat.'
-- Bender
Rasputin :: Jack of All Trades - Master of Nuns
From | Date | Subject | |
---|---|---|---|
Next Message | Theo Galanakis | 2005-01-16 22:45:17 | Re: Pg8 for Windows |
Previous Message | Sander Steffann | 2005-01-15 22:48:33 | Re: Less available diskspace after crashed CLUSTER |