Re: authentication question

On Thu, 2006-11-09 at 12:34 -0300, Alvaro Herrera wrote:
> Craig White wrote:
>
> > logs say...
> > Nov 8 20:18:26 srv1 postgresql: Starting postgresql service: succeeded
> > Nov 8 20:18:39 srv1 postgres[21020]: PAM audit_open() failed:
> > Permission denied
> > Nov 8 20:18:39 srv1 postgres[21020]: [2-1] LOG: pam_authenticate
> > failed: System error
> > Nov 8 20:18:39 srv1 postgres[21020]: [3-1] FATAL: PAM authentication
> > failed for user "craig"
>
> I'm not at all familiar with PAM error message wording, but are you
> aware that you must create the user "craig" inside the database _as
> well_ as on whatever PAM layer you use?
>
> The "audit_open(): Permission denied" message sounds like Postgres is
> not authorized to consult PAM though.
----
I did create a user 'craig' in postgres but I agree, that isn't the
issue at this point.

I checked the source rpm to make sure that it was compiled with the pam
option and it appears to me that it was.

I haven't had to fool too much with pam for authenticating other
services so I'm a little bit out of my knowledge base but I know that it
was simple to add netatalk into the pam authentication and expected that
postgresql would be similar.

I have to believe that other people are using pam for authentication
because otherwise, you have to have maintain passwords for each user
within postgresql itself - which seems unwise for many sites.

Still struggling with this...

Craig