Re: PAM ldap

From: Dick Davies <rasputnik(at)hellooperator(dot)net>
To: PostgreSQL Admin <pgsql-admin(at)postgresql(dot)org>
Subject: Re: PAM ldap
Date: 2005-01-16 09:10:30
Message-ID: 20050116091030.GC26970@lb.tenfour
Lists: pgsql-admin

* Kavan, Dan (IMS) <KavanD(at)imsweb(dot)com> [0149 18:49]:
>
> Hi, I'm running postgresql 8.0.rc5 on SUSE.
> I have the pg_hba.conf file configured with
> local all smith ident sameuser
> host all smith ident sameuser
>
> The way authentication works with that configuration is that if
> I'm logged in as smith with my company ldap server I can get in, but if
> I'm not directly logged in as smith, I can't get in. Having the word
> pam in this file at all causes an error. I'd like to use pam so
> postgres could do its own ldap/pam lookups, but I keep getting an error
> that it doesn't know what pam is. I see in the logs that the pam server
> starts, but I still get an error.

You didn't show the broken config, but assuming it's something like

# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
hostssl all all 127.0.0.1 255.255.255.255 pam

then perhaps you don't have pam support built into postgres?

> /etc/pam.d/postgresql
> auth required pam_unix2.so nullok
> account required pam_unix2.so

This is going to do unix auth, obviously, so you'll need to s/unix/ldap/ on that...

--
'You may need to metaphorically make a deal with the devil.
By 'devil' I mean robot devil and by 'metaphorically' I mean get your coat.'
-- Bender
Rasputin :: Jack of All Trades - Master of Nuns

In response to

  • PAM ldap at 2005-01-14 18:42:22 from Kavan, Dan (IMS)
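
Added example, not part of the original message or of PostgreSQL: a shell sketch of the two checks the reply points at, whether the server was built with --with-pam and whether the auth stack in the PAM service file goes to LDAP. The function names, the sample inputs and the module name pam_ldap.so are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.

# has_pam_support CONFIGURE_OPTS: succeeds if the build options, in the form
# printed by `pg_config --configure`, include --with-pam.
has_pam_support() {
    case " $(printf '%s' "$1" | tr -d "'\"") " in
        *" --with-pam "*) return 0 ;;
        *) return 1 ;;
    esac
}

# pam_modules FILE TYPE: print the module named on each active line of the
# given type (auth, account, ...) in a PAM service file.
pam_modules() {
    awk -v t="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 == t {
            i = 3                                # type control module [args]
            if ($2 ~ /^\[/) {                    # bracketed control, may span fields
                i = 2
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            print $i
        }' "$1"
}

# stack_uses_ldap FILE: succeeds if any auth line loads pam_ldap.so
# (assumption: the LDAP module is installed under that name).
stack_uses_ldap() {
    pam_modules "$1" auth | grep -Eq '(^|/)pam_ldap\.so$'
}

# Demo on constructed input: the stack quoted in the thread, and a build
# option string without PAM.
demo=$(mktemp)
printf '%s\n' 'auth required pam_unix2.so nullok' 'account required pam_unix2.so' > "$demo"
if has_pam_support "'--prefix=/usr' '--with-openssl'"; then
    echo "build: --with-pam present"
else
    echo "build: no --with-pam, the server cannot use the pam method"
fi
if stack_uses_ldap "$demo"; then
    echo "stack: auth uses pam_ldap"
else
    echo "stack: auth is still $(pam_modules "$demo" auth)"
fi
rm -f "$demo"
```

On a real host, call has_pam_support "$(pg_config --configure)" and stack_uses_ldap /etc/pam.d/postgresql.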
