PAM auth

From: satoshi nagayasu <nagayasus(at)nttdata(dot)co(dot)jp>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: PAM auth
Date: 2006-06-20 02:15:14
Message-ID: 44975A32.90906@nttdata.co.jp
Lists: pgsql-hackers

Hi folks,

I'm trying to use PAM auth on PostgreSQL, but I still cannot
get success on PAM auth (with PG813 and RHEL3).

pg_hba.conf has
> host pamtest all 0.0.0.0/0 pam

/etc/pam.d/postgresql is
> #%PAM-1.0
> auth required pam_stack.so service=system-auth
> account required pam_stack.so service=system-auth
> password required pam_stack.so service=system-auth

And I've changed user password with "ALTER USER ... PASSWORD".

However, my postmaster always denies my login.
---------------------------------------------------------
% /usr/local/pgsql813/bin/psql -h localhost -W -U hoge pamtest
Password for user hoge:
LOG: pam_authenticate failed: Authentication failure
FATAL: PAM authentication failed for user "hoge"
psql: FATAL: PAM authentication failed for user "hoge"
---------------------------------------------------------
What's wrong with that?

BTW, I found an empty password ("") is passed to CheckPAMAuth()
function in auth.c.
---------------------------------------------------------
#ifdef USE_PAM
        case uaPAM:
            pam_port_cludge = port;
            status = CheckPAMAuth(port, port->user_name, "");
            break;
#endif   /* USE_PAM */
---------------------------------------------------------
/*
 * Check authentication against PAM.
 */
static int
CheckPAMAuth(Port *port, char *user, char *password)
{
    int         retval;
    pam_handle_t *pamh = NULL;

    /*
     * Apparently, Solaris 2.6 is broken, and needs ugly static variable
     * workaround
     */
    pam_passwd = password;

    /*
     * Set the application data portion of the conversation struct This is
     * later used inside the PAM conversation to pass the password to the
     * authentication module.
     */
    pam_passw_conv.appdata_ptr = (char *) password;     /* from password above,
                                                         * not allocated */
---------------------------------------------------------
What does it mean? I'm not familiar with PAM, so I can't get
why the password can be empty here.

Any suggestion?

Thanks.
--
NAGAYASU Satoshi <nagayasus(at)nttdata(dot)co(dot)jp>
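
The quoted code stores the password in the conversation struct's `appdata_ptr`. The following added example (not part of the original message and not PostgreSQL's source) shows how a PAM-style conversation callback can read that pointer and treat an empty string as "not collected yet", asking the client only when a module prompts. The `demo_*` types, `ask_client`, `fake_client` and `run_demo` are hypothetical stand-ins, and the sample password is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins mirroring struct pam_message, struct pam_response and the
 * Linux-PAM constants in <security/pam_appl.h>, so this builds without libpam. */
struct demo_msg  { int msg_style; const char *msg; };
struct demo_resp { char *resp; int resp_retcode; };
enum { DEMO_SUCCESS = 0, DEMO_PROMPT_ECHO_OFF = 1, DEMO_CONV_ERR = 19 };

/* Hypothetical hook that asks the client; fake_client is a constructed client. */
static const char *(*ask_client)(void);
static const char *fake_client(void) { return "constructed-pw"; }

/* Conversation callback. appdata is the password the caller passed in; ""
 * means "not collected yet", so it is fetched only when a module prompts. */
static int demo_conv(int n, const struct demo_msg **msg,
                     struct demo_resp **resp, void *appdata)
{
    const char *pw = appdata;
    if (n != 1 || msg[0]->msg_style != DEMO_PROMPT_ECHO_OFF || pw == NULL)
        return DEMO_CONV_ERR;          /* only one hidden prompt is handled */
    if (pw[0] == '\0')
        pw = ask_client ? ask_client() : NULL;
    if (pw == NULL || pw[0] == '\0')
        return DEMO_CONV_ERR;          /* still no password: fail closed */
    *resp = calloc(1, sizeof **resp);  /* the PAM side frees the reply */
    if (*resp == NULL || ((*resp)->resp = malloc(strlen(pw) + 1)) == NULL) {
        free(*resp);
        *resp = NULL;
        return DEMO_CONV_ERR;
    }
    strcpy((*resp)->resp, pw);
    return DEMO_SUCCESS;
}

/* Plays the module's role: issue one password prompt, copy out the reply. */
static int run_demo(char *initial, char *out, size_t outlen)
{
    struct demo_msg m = { DEMO_PROMPT_ECHO_OFF, "Password: " };
    const struct demo_msg *mv[1] = { &m };
    struct demo_resp *r = NULL;
    int rc = demo_conv(1, mv, &r, initial);
    if (rc == DEMO_SUCCESS) {
        snprintf(out, outlen, "%s", r->resp);
        free(r->resp);
    }
    free(r);
    return rc;
}
```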
