On Thu, 2006-11-09 at 16:34 -0300, Alvaro Herrera wrote:
> Tom Lane wrote:
> > Craig White <craigwhite@azapple.com> writes:
> > > I haven't had to fool too much with pam for authenticating other
> > > services so I'm a little bit out of my knowledge base but I know that it
> > > was simple to add netatalk into the pam authentication and expected that
> > > postgresql would be similar.
> >
> > FWIW, we ship this PAM config file in the Red Hat PG RPMs:
> >
> > #%PAM-1.0
> > auth include system-auth
> > account include system-auth
> >
> > which AFAIR looks about the same as the corresponding files for other
> > services. It's installed as /etc/pam.d/postgresql.
>
> For this to work you need a system-auth file in /etc/pam.d, which would
> have lines for auth/account/required etc, and not just "includes".
>
> PAM seems to be another area on which Linux distributors have been
> diverging wildly for a long time; for example here on Debian the include
> lines look like
>
> auth requisite pam_nologin.so
> auth required pam_env.so
> @include common-auth
> @include common-account
> session required pam_limits.so
>
> so I doubt one distro's config files are applicable to any other.
----
and I'm on a Red Hat system which obviously Tom is familiar with since
he is the packager for RH / postgres but I don't think that is the issue
but I have adopted his pam file.
Thanks
Craig
