Re: PAM

I was testing this on a 7.3 beta the other week to try to make it work
with LDAP authentication, and I think I only got it working if I bypased
the system-auth PAM file that everything was normally funneled through.
I don't know exactly why it wasn't working, but whenever I put a line
that used pam_unix.so it would fail with the same error you are
encountering.

I didn't invest a huge amount of time figuring out why pam_unix.so was
causing a problem because I wanted to use pam_ldap.so anyways.

There doesn't seem to be many examples out there that I could find that
I got to work. FYI I am testing on RedHat 7.x and 8.0 machines.

Tim

EMOTO Masahiko wrote:
> Does anyone show me a sample of PAM authenticate file?
>
> I want to use pam for client authentication, and I create pg_hba.cnf as,
>
>
>>host all all 127.0.0.1 255.255.255.255 trust
>>host all all 192.168.0.0 255.255.0.0 pam postgresql
>
>
> and /etc/pam.d/postgresql as
>
>>auth required /lib/security/pam_stack.so service=system-auth
>>account required /lib/security/pam_stack.so service=system-auth
>
>
> I tried to connect to the server, but failed. The messages I received were follows;
>
>
>>[CLIENT]
>>% psql -h dgpc1 db1 -U emo
>>Password:
>>psql: FATAL: PAM authentication failed for user "emo"
>>
>>[SERVER]
>>DEBUG: reaping dead processes
>>DEBUG: child process (pid 15642) exited with exit code 0
>>DEBUG: BackendStartup: forked pid=15643 socket=8
>>DEBUG: received PAM packet
>>LOG: CheckPAMAuth: pam_authenticate failed: 'Authentication failure'
>>FATAL: PAM authentication failed for user "emo"
>>DEBUG: proc_exit(0)
>>DEBUG: shmem_exit(0)
>>DEBUG: exit(0)
>>DEBUG: reaping dead processes
>
>
> The user account exists in the database, and I typed the system password.
>
>
> Environment:
> OS : Linux Kernel 2.4.19
> PostgreSQL 7.3
>
>
> By the way, what really I want to do is to configure the server behave like FTP servers;
> All the users except the guest (anonymous) requires the password authentication.
> The guest user can only read the data, and cannot alter the data.
> Are there any solutions to do this?
>
>
> --- EMOTO Masahiko ---
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org