Hi,
I’m trying to set up my DB to authenticate against a PAM back-end (in this case just a plain old local password DB).
Here’s my configuration as it currently stands:
positionwhile[pg]% grep pam /var/lib/pgsql/metadata/pg_hba.conf
# "krb4", "krb5", "ident", or "pam". Note that "password" sends passwords
local authtest all pam postgresql
positionwhile[pg]% more /etc/pam.d/postgresql
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
The system is a CentOS 4.4 box, and I’m running PostgreSQL 8.0.6.
When I test the core pam functionality using pamtester, I get the following:
positionwhile[pamtester-0.1.2]% src/pamtester -v postgresql mporwit authenticate
pamtester: invoking pam_start(postgresql, mporwit, ...)
pamtester: performing operation - authenticate
Password:
pamtester: successfully authenticated
Looks like a success to me.
However, when I try to get psql to do password authentication, I get the following:
positionwhile[postgresql-8.0.13]% psql authtest
Password:
psql: FATAL: PAM authentication failed for user "mporwit"
And this shows up in my logs:
LOG: connection received: host=[local] port=
DEBUG: forked new backend, pid=1430 socket=11
DEBUG: received password packet
LOG: pam_authenticate failed: Authentication failure
FATAL: PAM authentication failed for user "mporwit"
DEBUG: proc_exit(0)
DEBUG: shmem_exit(0)
DEBUG: exit(0)
DEBUG: reaping dead processes
DEBUG: server process (PID 1430) exited with exit code 0
Any insight here would be appreciated. Are there any other tweaks I may have missed?
Thanks,
Marcin
mporwit [AT] yahoo-inc [DOT] com