Postgres Pro
Downloads
Home   >   mailing lists

Re: anyone knows about pam_pgsql ? - Mailing list pgsql-general

From Tommi Mäkitalo
Subject Re: anyone knows about pam_pgsql ?
Date
Msg-id 3C0213A5.9020704@epgmbh.de
Whole thread Raw
In response to anyone knows about pam_pgsql ?  (Peter Pilsl <pilsl@goldfisch.at>)
List pgsql-general
Tree view 
Hello Peter,

nss and pam are different things. Pam is almost unusable without a
suitable nss-module. Nss make a user to exist in your system. Pam
checkes (among other things), if he is allowed to use a service. If you
use pam_pgsql without libnss-pgsql you have to add every user to your
/etc/passwd. But you don't need to give them passwords. That's what pam
does.

I checked my version of libnss-pgsql. I get a compile-error in
backend.c. The include-path of postgresql is errorenous. I checked that
and updated to 0.9.0tm3. The version libnss-pgsql-1.00 has the same bug.

There instructions to install the module is almost not there. You should
do this:
- download
- tar xvzf libnss-pgsql-0.9.0tm3.tar.gz
- cd libnss-pgsql-0.9.0tm3
- ./configure
- make
- make install (as root)
- set up your database (you can find a example schema in crebas.sql)
- edit nss-pgsql.conf and copy to /etc/nss-pgsql.conf
- edit /etc/nsswitch.conf to use pgsql (change 'passwd: compat' to
'passwd: files pgsql' and 'group: compat' to 'group: files pgsql'

It should work now. You can try it out with 'chown pguser ttt'. The file
ttt need not exist. 'chown' should complain about it. If you libnss does
not work it complains about not existing user 'pguser'.


Tommi


Peter Pilsl wrote:

>thnx a lot for your reply. I would like to give the nss a try, but I
>dont have the slightest idea how to use it (in case I managed to
>compile).
>
>I just know how to use pam by adding a appropriate login-file to /etc/pam.d/ that contains things like:
>auth       required     /lib/security/pam_securetty.so
>auth       required     /lib/security/pam_stack.so service=system-auth
>auth       required     /lib/security/pam_nologin.so
>account    required     /lib/security/pam_stack.so service=system-auth
>password   required     /lib/security/pam_stack.so service=system-auth
>session    required     /lib/security/pam_stack.so service=system-auth
>session    optional     /lib/security/pam_console.so
>
>how would look this enty in case I'm using one of the nss-pgsql-tools ?
>
>sorry, but I'm really 100% newbie on nss.
>
>thnx,
>peter
>
>>
...

pgsql-general by date:

Previous
From: Denis Gasparin
Date:
Subject: How to address field names in a join query
Next
From: "Mourad EL HADJ MIMOUNE"
Date:
Subject: Use of cursor in PLPGSQL function