
Re: PAM documentation

From: Alvaro Herrera <alvherre(at)dcc(dot)uchile(dot)cl>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>,PostgreSQL-documentation <pgsql-docs(at)postgresql(dot)org>,rasputnik(at)hellooperator(dot)net
Subject: Re: PAM documentation
Date: 2005-04-27 16:31:20
Message-ID: 20050427163120.GA27525@dcc.uchile.cl
Lists: pgsql-committers, pgsql-docs

On Wed, Apr 27, 2005 at 12:03:54PM -0400, Bruce Momjian wrote:
> Tom Lane wrote:
> > momjian(at)svr1(dot)postgresql(dot)org (Bruce Momjian) writes:
> > > Mention that PAM requires the user already exist in the database, per
> > > Dick Davies.
> > 
> > I don't recall exactly what Dick suggested, but the patch as applied
> > seems like fairly useless verbiage.  Exactly which of our other auth
> > methods allow users who *don't* exist in the database to log in?
> > And why would anyone find it surprising that this does not happen?
> 
> Can someone comment if having to create the database user account to use
> PAM is something that people forget?  Is there increased confusion
> because PAM is usually used for the operating system usernames?
> 
> Attached is the addition I made to the docs recently.  Is it useful?

Yes, because PAM works differently on other systems, especially if it's
configured to use LDAP or some such.  Though I'd rephrase with something
like

>       default PAM service name is <literal>postgresql</literal>. You can
>       optionally supply your own service name after the <literal>pam</>
>       key word in the file <filename>pg_hba.conf</filename>.
> !     Note that PAM is only used to validate username/password pairs;
> !     therefore, the user must already exist in the database before PAM
> !     can be used for authentication.  For more information about 
> !     PAM, please read the <ulink url="http://www.kernel.org/pub/linux/libs/pam/">
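
Review bot: In the changed (`!`) lines, "the user must already exist in the database" states the requirement but not how to satisfy it; consider naming the step or linking to the user-creation documentation (for example CREATE USER), so a reader who only has an operating-system or LDAP account knows what is still missing. The hunk as quoted stops inside the sentence that opens the <ulink> element, so the rest of that sentence and the element's closing tag cannot be reviewed from these lines.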


-- 
Alvaro Herrera (<alvherre[(at)]dcc(dot)uchile(dot)cl>)
"Because frankly, if one had to pass an exam to know how to handle
oneself... who is the tough guy who would have a license?"  (Mafalda)
