Skip site navigation (1) Skip section navigation (2)

Configuring Postgresql to use PAM

From: "Marcin Porwit" <mporwit(at)yahoo-inc(dot)com>
To: <pgsql-novice(at)postgresql(dot)org>
Subject: Configuring Postgresql to use PAM
Date: 2007-08-10 19:58:16
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice


I'm trying to set up my DB to authenticate against a PAM back-end (in
this case just a plain old local password DB).


Here's my configuration as it currently stands:

       positionwhile[pg]% grep pam /var/lib/pgsql/metadata/pg_hba.conf

       # "krb4", "krb5", "ident", or "pam".  Note that "password" sends

       local   authtest         all                            pam


       positionwhile[pg]% more /etc/pam.d/postgresql


       auth       required service=system-auth

       account    required service=system-auth


The system is a CentOS 4.4 box, and I'm running PostgreSQL 8.0.6.


When I test the core pam functionality using pamtester, I get the

       positionwhile[pamtester-0.1.2]% src/pamtester -v postgresql
mporwit authenticate

 pamtester: invoking pam_start(postgresql, mporwit, ...)

       pamtester: performing operation - authenticate


       pamtester: successfully authenticated


Looks like a success to me.


However, when I try to get psql to do password authentication, I get the

      positionwhile[postgresql-8.0.13]% psql authtest


      psql: FATAL:  PAM authentication failed for user "mporwit"


And this shows up in my logs:

      LOG:  connection received: host=[local] port=

      DEBUG:  forked new backend, pid=1430 socket=11

      DEBUG:  received password packet

      LOG:  pam_authenticate failed: Authentication failure

      FATAL:  PAM authentication failed for user "mporwit"

      DEBUG:  proc_exit(0)

      DEBUG:  shmem_exit(0)

      DEBUG:  exit(0)

      DEBUG:  reaping dead processes

      DEBUG:  server process (PID 1430) exited with exit code 0


Any insight here would be appreciated. Are there any other tweaks I may
have missed?





mporwit [AT] yahoo-inc [DOT] com


pgsql-novice by date

Next:From: Andrew C. UseltonDate: 2007-08-10 20:21:09
Subject: Re: pg_dump/pg_dumpall
Previous:From: Alan HodgsonDate: 2007-08-10 19:20:05
Subject: Re: pg_dump/pg_dumpall

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group