CentOS 4.4 which means postgresql-server-7.4.13-2.RHEL4.1
I'm starting to deal with the notion of allowing other users access
(read only) to a db.
Experimenting on my own db...
host all main_user 192.168.2.10 255.255.255.0 trust
host all all 127.0.0.1 255.255.255.255 trust
host all craig 192.168.2.10 255.255.255.255 pam
because I want to use LDAP authentication via pam.
logs say...
Nov 8 20:18:26 srv1 postgresql: Starting postgresql service: succeeded
Nov 8 20:18:39 srv1 postgres[21020]: PAM audit_open() failed:
Permission denied
Nov 8 20:18:39 srv1 postgres[21020]: [2-1] LOG: pam_authenticate
failed: System error
Nov 8 20:18:39 srv1 postgres[21020]: [3-1] FATAL: PAM authentication
failed for user "craig"
Below is pam info - if anyone can tell me how I might configure this so
I can authenticate via LDAP I would appreciate it.
Craig
# cat /etc/pam.d/postgresql
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
which was cribbed from /etc/pam.d/sshd
# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account [default=bad success=ok
user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so