Craig White <craigwhite@azapple.com> writes:
> I haven't had to fool too much with pam for authenticating other
> services so I'm a little bit out of my knowledge base but I know that it
> was simple to add netatalk into the pam authentication and expected that
> postgresql would be similar.
FWIW, we ship this PAM config file in the Red Hat PG RPMs:
#%PAM-1.0
auth include system-auth
account include system-auth
which AFAIR looks about the same as the corresponding files for other
services. It's installed as /etc/pam.d/postgresql.
I concur with the other response that you need to find out where the
"Permission denied" failure is coming from. There is no "audit_open"
in the Postgres sources so it sounds like an internal failure in the PAM
libraries. If nothing else comes to mind, try strace'ing the postmaster
to see what kernel call draws that failure.
regards, tom lane
