Re: LDAP authentication - Mailing list pgsql-general
From | Tommi Maekitalo |
---|---|
Subject | Re: LDAP authentication |
Date | |
Msg-id | 200210241206.12448.t.maekitalo@epgmbh.de |
In response to | Re: LDAP authentication (Richard Ray <rray1@netdoor.com>) |
List | pgsql-general |
Hi,

I just tried it out. PAM works fine with pam_ldap on Linux. But as I told you, you need to create database users.

I just configured PostgreSQL with --with-pam and created (or copied one and modified) a /etc/pam.d/postgresql. Here it is:

    #%PAM-1.0
    auth     required       pam_nologin.so
    auth     sufficient     pam_ldap.so
    auth     required       pam_unix.so     nullok try_first_pass #set_secrpc
    account  sufficient     pam_ldap.so
    account  required       pam_unix.so
    password required       pam_pwcheck.so  nullok
    password required       pam_ldap.so     use_first_pass use_authtok
    password required       pam_unix.so     nullok use_first_pass use_authtok

Maybe you can create users with a cron job which queries LDAP on a daily basis about new (and retired) users. PostgreSQL does need entries in pg_shadow. I think it would be hard to hack authentication so that it does not need them.

It might be fine to see a generic way to create pg_shadow on the fly like nss does. It should be a table function, which might query an LDAP tree.

Tommi

On Wednesday, 23 October 2002 23:26, Richard Ray wrote:
> I've had no luck getting PAM to work with PostgreSQL on HP/UX 11.00 and I
> read that PostgreSQL doesn't allow user triggers on system tables. Not much
> left but hack the PostgreSQL authentication code.
>
> Richard
>
> On Wednesday 23 October 2002 03:29 pm, you wrote:
> > Postgresql supports pam. And there is pam_ldap. I haven't tried out yet.
> > But I'm sure you need to create users in postgresql. Just authentication
> > comes through pam. There is no nss_ldap as far as I know.
> >
> >
> > Tommi
> >
> > On Wednesday, 23 October 2002 21:38, Richard Ray wrote:
> > > Does anyone know if anyone has tried to use LDAP for authentication?
> > > The management here is insisting on it. I'll write it from scratch if
> > > necessary. Any hints or pointers are appreciated.
> > >
> > > Thanks
> > > Richard

--
Dr. Eckhardt + Partner GmbH
http://www.epgmbh.de
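The daily sync suggested in the message above, as an added example that is not part of the original post: it plans CREATE USER / DROP USER statements from an LDAP export so that PAM-authenticated users also exist in pg_shadow. The LDIF sample, the `managed` set (names the job created earlier), the name policy and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: LDIF as printed by an ldapsearch for account entries.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob

dn: uid=x"; DROP,ou=people,dc=example,dc=org
uid: x"; DROP
"""

PROTECTED = {"postgres"}                           # never dropped by the job
VALID_NAME = re.compile(r"[a-z_][a-z0-9_]{0,62}")  # conservative name policy (assumption)


def ldap_uids(ldif):
    """Collect uid values from plain LDIF lines (base64 'uid::' lines are skipped)."""
    return {ln[5:].strip() for ln in ldif.splitlines() if ln.startswith("uid: ")}


def quote_ident(name):
    """Quote a SQL identifier; embedded double quotes are doubled."""
    return '"' + name.replace('"', '""') + '"'


def sync_plan(ldif, pg_users, managed):
    """Return (sql, rejected): statements to run and LDAP names refused by policy.

    pg_users: user names currently in PostgreSQL.
    managed:  names this job created earlier; only these may ever be dropped.
    """
    uids = ldap_uids(ldif)
    if not uids:
        # An empty answer usually means the directory query failed; dropping
        # every managed user on that basis would lock everyone out.
        raise ValueError("LDAP returned no users, refusing to sync")
    wanted = {u for u in uids if VALID_NAME.fullmatch(u)}
    rejected = sorted(uids - wanted)
    sql = [f"CREATE USER {quote_ident(u)};" for u in sorted(wanted - pg_users)]
    retired = (managed & pg_users) - wanted - PROTECTED
    sql += [f"DROP USER {quote_ident(u)};" for u in sorted(retired)]
    return sql, rejected


if __name__ == "__main__":
    plan, refused = sync_plan(SAMPLE_LDIF, {"postgres", "bob", "carol"}, {"bob", "carol"})
    print("\n".join(plan), "\nrefused:", refused)
```

The users created this way carry no PostgreSQL password; the password check stays with PAM, as in the configuration above.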