From: | "Marcin Porwit" <mporwit(at)yahoo-inc(dot)com> |
---|---|
To: | <pgsql-novice(at)postgresql(dot)org> |
Subject: | Configuring Postgresql to use PAM |
Date: | 2007-08-10 19:58:16 |
Message-ID: | 174112B8F646484A89DDC7A3DD25B4B6054DB1@SNV-EXVS05.ds.corp.yahoo.com |
Lists: | pgsql-novice |
Hi,
I'm trying to set up my DB to authenticate against a PAM back-end (in
this case just a plain old local password DB).
Here's my configuration as it currently stands:
positionwhile[pg]% grep pam /var/lib/pgsql/metadata/pg_hba.conf
# "krb4", "krb5", "ident", or "pam". Note that "password" sends passwords
local authtest all pam postgresql
positionwhile[pg]% more /etc/pam.d/postgresql
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
The system is a CentOS 4.4 box, and I'm running PostgreSQL 8.0.6.
When I test the core pam functionality using pamtester, I get the
following:
positionwhile[pamtester-0.1.2]% src/pamtester -v postgresql mporwit authenticate
pamtester: invoking pam_start(postgresql, mporwit, ...)
pamtester: performing operation - authenticate
Password:
pamtester: successfully authenticated
Looks like a success to me.
However, when I try to get psql to do password authentication, I get the
following:
positionwhile[postgresql-8.0.13]% psql authtest
Password:
psql: FATAL: PAM authentication failed for user "mporwit"
And this shows up in my logs:
LOG: connection received: host=[local] port=
DEBUG: forked new backend, pid=1430 socket=11
DEBUG: received password packet
LOG: pam_authenticate failed: Authentication failure
FATAL: PAM authentication failed for user "mporwit"
DEBUG: proc_exit(0)
DEBUG: shmem_exit(0)
DEBUG: exit(0)
DEBUG: reaping dead processes
DEBUG: server process (PID 1430) exited with exit code 0
Any insight here would be appreciated. Are there any other tweaks I may
have missed?
Thanks,
Marcin
mporwit [AT] yahoo-inc [DOT] com