From: | Gémes Géza <geza(at)kzsdabas(dot)sulinet(dot)hu> |
---|---|
To: | Thomas Leduc <thomas(dot)leduc(at)cerma(dot)archi(dot)fr> |
Cc: | pgsql-admin(at)postgresql(dot)org |
Subject: | Re: postgresql 7.4.6 and pam_ldap |
Date: | 2005-01-05 21:20:25 |
Message-ID: | 41DC5A19.9020506@kzsdabas.sulinet.hu |
Lists: | pgsql-admin |
Thomas Leduc wrote:
>Hi,
>I know that I'm not the 1st one who wants to use pam_ldap to
>authenticate users (55 posts with keywords ldap and pam...). But it
>also didn't work for me. Please, what's wrong with the following:
>
>% pg_config --configure
>'--host=i386-redhat-linux' '--build=i386-redhat-linux'
>[...]
>'--with-openssl' '--with-pam' '--with-krb5=/usr' '--enable-nls'
>[...]
>
>% cat <<EOF > pg_hba.conf
>local all postgres ident sameuser
>local all all pam postgresql
>host all all 127.0.0.1/32 pam postgresql
>host all all 192.168.10.0/24 pam postgresql
>EOF
>
>% cat <<EOF > /etc/pam.d/postgresql--tage
>auth required pam_stack.so service=system-auth
>EOF
>
>% pg_ctl reload
>% createuser --adduser --createdb leduc
>% createdb --owner=leduc --echo leduc
>
>% id postgres
>uid=26(postgres) gid=26(postgres) groupes=26(postgres)
>$ psql --quiet leduc
>leduc=# SELECT 1+1;
>... IT WORKS !!!
>
>% id
>uid=252(leduc) gid=100(users) groupes=100(users)
>% psql
>Mot de passe :
>psql: FATAL: PAM authentication échouée pour l'utilisateur "leduc"
>... IT DOESN'T WORK !!!
>% tail -f /var/log/messages
>Jan 5 17:41:17 tage postgresql(pam_unix)[12625]: auth could not identify password for [leduc]
>Jan 5 17:41:21 tage postgresql(pam_unix)[12627]: authentication failure; logname= uid=26 euid=26 tty= ruser= rhost= user=leduc
>
>% psql -U leduc -W
>Mot de passe :
>psql: FATAL: PAM authentication échouée pour l'utilisateur "leduc"
>... IT DOESN'T WORK !!!
>% tail -f /var/log/messages
>Jan 5 17:42:11 tage postgresql(pam_unix)[12635]: authentication failure; logname= uid=26 euid=26 tty= ruser= rhost= user=leduc
>
>
>
I would suggest retrying it with an /etc/pam.d/postgresql that is
readable by the postgres user, and with a pg_hba.conf without postgres
specified in the last field after pam. Also, if you want LDAP
authentication, take care that in /etc/pam.d/postgresql you don't
reference any module other than pam_ldap, and that your /etc/ldap.conf
is readable by the postgres user.
Good Luck!
Geza
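
The checks suggested in the reply above, as an added shell example that is not part of the original message: it flags PAM service-file lines that load anything other than pam_ldap, pg_hba.conf records that carry an option after `pam`, and files the current user cannot read. The function names are hypothetical, the file paths are passed as arguments, and the sample files in the demo are constructed from the configuration quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Run it as the postgres user so the -r
# tests reflect what the server sees (the syslog lines show PAM under uid=26).

# Print PAM service-file lines whose module is not pam_ldap.so; exit 1 if any.
non_ldap_modules() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments, blank lines
        { orig = $0; sub(/\[[^]]*\]/, "CTRL") }    # bracketed control -> one field
        $1 == "@include" { print orig; bad = 1; next }
        { m = $3; sub(/.*\//, "", m)               # drop directory part of module path
          if (m != "pam_ldap.so") { print orig; bad = 1 } }
        END { exit bad + 0 }
    ' "$1"
}

# Print pg_hba.conf records that carry an option after the "pam" method.
pam_lines_with_service() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { for (i = 4; i < NF; i++) if ($i == "pam") { print; break } }
    ' "$1"
}

# audit_pam_setup PAM_FILE HBA_FILE LDAP_CONF: print findings, return their count.
audit_pam_setup() {
    problems=0
    for f in "$1" "$3"; do
        [ -r "$f" ] || { echo "not readable by $(id -un): $f"; problems=$((problems + 1)); }
    done
    if [ -r "$1" ] && ! non_ldap_modules "$1" >/dev/null; then
        echo "modules other than pam_ldap in $1:"; non_ldap_modules "$1" | sed 's/^/    /'
        problems=$((problems + 1))
    fi
    if [ -n "$(pam_lines_with_service "$2")" ]; then
        echo "option after pam in $2:"; pam_lines_with_service "$2" | sed 's/^/    /'
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Demo on constructed copies of the files quoted in the thread.
d=$(mktemp -d)
printf 'auth required pam_stack.so service=system-auth\n' > "$d/pam"
printf 'local all postgres ident sameuser\nhost all all 127.0.0.1/32 pam postgresql\n' > "$d/hba"
: > "$d/ldap.conf"
audit_pam_setup "$d/pam" "$d/hba" "$d/ldap.conf" || echo "findings: $?"
rm -rf "$d"
```

On a real host the call would be `audit_pam_setup /etc/pam.d/postgresql "$PGDATA/pg_hba.conf" /etc/ldap.conf`, where `$PGDATA` is assumed to point at the cluster's data directory.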