From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Craig White <craigwhite(at)azapple(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: authentication question |
Date: | 2006-11-09 19:34:34 |
Message-ID: | 20061109193434.GH26818@alvh.no-ip.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Tom Lane wrote:
> Craig White <craigwhite(at)azapple(dot)com> writes:
> > I haven't had to fool too much with pam for authenticating other
> > services so I'm a little bit out of my knowledge base but I know that it
> > was simple to add netatalk into the pam authentication and expected that
> > postgresql would be similar.
>
> FWIW, we ship this PAM config file in the Red Hat PG RPMs:
>
> #%PAM-1.0
> auth include system-auth
> account include system-auth
>
> which AFAIR looks about the same as the corresponding files for other
> services. It's installed as /etc/pam.d/postgresql.
For this to work you need a system-auth file in /etc/pam.d, which would
have lines for auth/account/required etc, and not just "includes".
PAM seems to be another area on which Linux distributors have been
diverging wildly for a long time; for example here on Debian the include
lines look like
auth requisite pam_nologin.so
auth required pam_env.so
@include common-auth
@include common-account
session required pam_limits.so
so I doubt one distro's config files are applicable to any other.
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
From | Date | Subject | |
---|---|---|---|
Next Message | Brendan Jurd | 2006-11-09 19:46:57 | Re: [GENERAL] ISO week dates |
Previous Message | Vernon _ | 2006-11-09 19:33:03 | Installation Instruction For Window |