Postgres Pro
Downloads
Home   >   mailing lists

Re: pam authentication for postgres - Mailing list pgsql-general

From Jan Wieck
Subject Re: pam authentication for postgres
Date
Msg-id 3FC53FAD.2070306@Yahoo.com
Whole thread Raw
In response to Re: pam authentication for postgres  ("Jason Tesser" <JTesser@nbbc.edu>)
List pgsql-general
Tree view 
Jason,

it seems you are unfamiliar with the basic rules of user support. If you
try to filter as much as possible and only post the tiny snippets of
information "you" think are important, the chances that someone else
finds the point you overlooked are close to none.

Please post a comprehensive description of what you're trying to do
together with the configuration files you use.


Jan

Jason Tesser wrote:

> sorry for teh double posting I forgot the steps at the end
>
> OK I am still trying to get pam working
>
> here is the messages I have is the log from trying to log in
>
> Nov 26 08:55:16 localhost postgresql(pam_unix)[22693]: authentication failure; logname= uid=26 euid=26 tty= ruser=
rhost= user=cherring 
> Nov 26 08:55:16 localhost pam_winbind[22693]: user 'cherring' granted acces
>
> as you can see winbind is actually granting access but fro some reason poasgres still denies it.
> weird.  any ideas.
>
> the steps I have done are listed below
>> note: i'm no sysad, nor do i even pretend to understand pam, the linux kernel,
>> or postgresql, but this setup is a safe, working, postgresql/linux/pam setup.
>>
>> 0) configure postgresql for pam, for example
>>
>>       [root ( at ) omega tmp]# grep pam /usr/local/pgsql/data/pg_hba.conf
>>       host    all         all          137.75.0.0        255.255.0.0       pam
>>
>> 1) create a /etc/pam.d/postgresql entry, here's how i did mine
>>
>>       [root ( at ) omega tmp]# cp /etc/pam.d/passwd /etc/pam.d/postgresql
>>
>>   i don't know if it's the best setup, but it works!  mine looks like this
>>
>>       [root ( at ) omega tmp]# cat /etc/pam.d/postgresql
>>       #%PAM-1.0
>>       auth       required     /lib/security/pam_stack.so service=system-auth
>>       account    required     /lib/security/pam_stack.so service=system-auth
>>       password   required     /lib/security/pam_stack.so service=system-auth
>
> ---------------------------(end of broadcast)---------------------------
> TIP 9: the planner will ignore your desire to choose an index scan if your
>       joining column's datatypes do not match


--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #

pgsql-general by date:

Previous
From: Stephen Robert Norris
Date:
Subject: Re: Humor me: Postgresql vs. MySql (esp. licensing) (OT)
Next
From: greg@turnstep.com
Date:
Subject: Re: postgres metadata