| From: | Derrick Stensrud <dstensrud(at)worleyco(dot)com> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Anyone? Best way to authenticate postgres against |
| Date: | 2006-12-19 15:52:58 |
| Message-ID: | 45880ADA.4000509@worleyco.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Thanks I've been trying to use pam_ldap but I keep getting this error
from postgres. I think it may have something to do with postgres
running as the postgres user and not having permissions to something,
but I have no idea what.
LOG: pam_authenticate failed: Conversation error
FATAL: PAM authentication failed for user "bkelly"
LOG: could not send data to client: Broken pipe
LOG: pam_authenticate failed: User not known to the underlying
authentication module
FATAL: PAM authentication failed for user "bkelly"
this is my pam.d/postgresql file:
#####
auth required /lib/security/pam_ldap.so debug
account required /lib/security/pam_ldap.so debug
#####
Magnus Hagander wrote:
> On Mon, Dec 18, 2006 at 08:23:08PM -0600, Derrick wrote:
>
>> I've been struggling with pam_ldap and a windows 2003 active directory
>> server, trying to get postgres to authenticate against it. I'm
>> wondering what the best way to get postgres to authenticate against
>> windows active directory would be? I've posted the problem on the
>> general mail list that I was having with pam_ldap but no response. Any
>> ideas, how to's, or good links would be much appreciated, and I'm under
>> a time constraint. Thanks a million in advance.
>>
>
> You can do this three different ways:
> 1) You can do it with Kerberos. This is a bit tricky to get working, but
> it can be done. This will give you single-sign-on, and not just the same
> password. A large downside is that this is not supported by all
> interfaces, for examlpe it's not supported with JDBC or .NET.
>
> 2) You can use the native LDAP authentication that's available in 8.2. I
> specifically created it to be used in one of my own Active Directory
> installations, so I know it works there (thuogh it of course works with
> other LDAP installs as well).
>
> 3) You can use pam_ldap. Never done that myself, but I've heard of
> others having some problems with it before, so I would definitly advise
> you to use option 2 for simple LDAP auth.
>
> //Magnus
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: Don't 'kill -9' the postmaster
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | BigSmoke | 2006-12-19 16:00:01 | Re: Savepoints in PL/pgSQL |
| Previous Message | Richard Huxton | 2006-12-19 15:46:23 | Re: Second attempt, roll your own autovacuum |