Re: postgresql 7.4.6 and pam_ldap

Thomas Leduc írta:

>Hi,
>I know that i'm not the 1st one who want's to use pam_ldap to
>authenticate users (55 posts with keywords ldap and pam...). But it
>also didn't work for me. Please, what's wrong with the following:
>
>% pg_config --configure
>'--host=i386-redhat-linux' '--build=i386-redhat-linux'
>[...]
>'--with-openssl' '--with-pam' '--with-krb5=/usr' '--enable-nls'
>[...]
>
>% cat <<EOF > pg_hba.conf
>local all postgres ident sameuser
>local all all pam postgresql
>host all all 127.0.0.1/32 pam postgresql
>host all all 192.168.10.0/24 pam postgresql
>EOF
>
>% cat <<EOF > /etc/pam.d/postgresql--tage
>auth required pam_stack.so service=system-auth
>EOF
>
>% pg_ctl reload
>% createuser --adduser --createdb leduc
>% createdb --owner=leduc --echo leduc
>
>% id postgres
>uid=26(postgres) gid=26(postgres) groupes=26(postgres)
>$ psql --quiet leduc
>leduc=# SELECT 1+1;
>... IT WORKS !!!
>
>% id
>uid=252(leduc) gid=100(users) groupes=100(users)
>% psql
>Mot de passe :
>psql: FATAL: PAM authentication échouée pour l'utilisateur "leduc"
>... IT DOESN'T WORK !!!
>% tail -f /var/log/messages
>Jan 5 17:41:17 tage postgresql(pam_unix)[12625]: auth could not identify password for [leduc]
>Jan 5 17:41:21 tage postgresql(pam_unix)[12627]: authentication failure; logname= uid=26 euid=26 tty= ruser= rhost= user=leduc
>
>% psql -U leduc -W
>Mot de passe :
>psql: FATAL: PAM authentication échouée pour l'utilisateur "leduc"
>... IT DOESN'T WORK !!!
>% tail -f /var/log/messages
>Jan 5 17:42:11 tage postgresql(pam_unix)[12635]: authentication failure; logname= uid=26 euid=26 tty= ruser= rhost= user=leduc
>
>
>
I would suggest to retry it with a postgres user readable
/etc/pam.d/postgresql
an with a pg_hba.conf without postgres specified on the last field after
pam. Also if you want ldap authentication, take care, that in
/etc/pam.d/postgresql you don't reference any other non pam_ldap module,
and your /etc/ldap.conf is readable by postgres user.

Good Luck!

Geza