Re: [HACKERS] PAM authentication fails for local UNIX users

Applied:

PAM does work authenticating against Unix system authentication
because the postgres server is started by a non-root user. In order
to enable this functionality, the root user must provide additional
permissions to the postgres user (for reading
<filename>/etc/shadow</>).

---------------------------------------------------------------------------

Dhanaraj M wrote:
> Hi all,
>
> This is the continuation to the discussion that we had in the hacker's list.
>
> http://www.postgresql.org/docs/8.2/interactive/auth-methods.html#AUTH-PAM
> Here, I like to add some details in 20.2.6. PAM authentication section.
>
> Can someone review and make changes, if required? Thanks.
>
> *** client-auth.sgml.orig Tue Aug 21 16:52:45 2007
> --- client-auth.sgml Tue Aug 21 17:02:52 2007
> ***************
> *** 987,992 ****
> --- 987,1001 ----
> and the <ulink url="http://www.sun.com/software/solaris/pam/">
> <systemitem class="osname">Solaris</> PAM Page</ulink>.
> </para>
> +
> + <note>
> + <para>
> + The local UNIX user authentication is not permitted,
> + because the postgres server is started by a non-root user.
> + In order to enable this functionality, the root user must provide
> + additional permissions to the postgres user (for reading
> /etc/shadow file).
> + </para>
> + </note>
> </sect2>
> </sect1>
>
>
> >
> >
> > Zdenek Kotala wrote:
> >>
> >> The problem what Dhanaraj tries to address is how to secure solve
> >> problem with PAM and local user. Other servers (e.g. sshd) allow to
> >> run master under root (with limited privileges) and forked process
> >> under normal user. But postgresql
> >> requires start as non-root user. It limits to used common pattern.
> >>
> >> There is important question:
> >>
> >> Is current requirement to run postgresql under non-root OK? If yes,
> >> than we must update PAM documentation to explain this situation which
> >> will never works secure. Or if we say No, it is stupid limitation (in
> >> case when UID 0 says nothing about user's privileges) then we must
> >> start discussion about solution.
> >>
> >>
> >
> > For now I think we should update the docs. You really can't compare
> > postgres with sshd - ssh connections are in effect autonomous. I
> > suspect the changes involved in allowing us to run as root and then
> > give up privileges safely would be huge, and the gain quite small.
> >
> > I'd rather see an HBA fallback mechanism, which I suspect might
> > overcome most of the problems being encountered here.
> >
> > cheers
> >
> > andrew
>
>
> --
> ================================
> Dhanaraj M
> x40049/+91-9880244950
> Solaris RPE, Bangalore, India
> http://blogs.sun.com/dhanarajm/
> ================================
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +