Thread: PAM Authentication and Postgresql 7.3
I am trying to set up PAM authentication with postgres 7.3.1. This is under Mandrake Linux 8.2 for i586. I've searched the archives and haven't yet found a solution. Here is the pg_hba.conf file: -------------------------------- # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD local all all trust host all all 127.0.0.1 255.255.255.255 trust host all all 0.0.0.0 0.0.0.0 pam postgresql -------------------------------- pg_config --configure shows this: -------------------------------- '--prefix=/usr/local/pgsql' '--with-perl' '--with-pam' '--with-openssl=/opt/openssl' '--without-readline' '--with-libraries=/usr/lib:/lib:/usr/local/lib' -------------------------------- And here is the error I am getting: ---------------------------------- 2003-01-13 09:50:37 LOG: connection received: host=hc652a8a3.dhcp.vt.edu[198.82.168.163] port=33104 2003-01-13 09:50:37 LOG: parse_hba: invalid syntax in pg_hba.conf file at line 92, token "pam" 2003-01-13 09:50:37 FATAL: Missing or erroneous pg_hba.conf file, see postmaster log for details ---------------------------------- It looks like the server isn't recognizing the 'pam' keyword in pg_hba.conf, but I can't figure out why this is happening. -- Christopher L McNabb Tel: 540 231 7554 Operating Systems Analyst Email: cmcnabb@vt.edu Virginia Tech ICBM: 37.205622N 80.414595W GMRS: WPSR255 ARS: N2UX Grid Sq: EM97SD
You must set the PAM's authentication file, you should have a configuration file with the authentication settings for the postgresql server in pam.d directory, for example if you auth file is "postgresl" your pg_hba.conf file: host all all 0.0.0.0 0.0.0.0 pam postgresql Saludos, Ing. Gabriel Monsalvo ----- Original Message ----- From: "Christopher McNabb" <cmcnabb@vt.edu> To: <pgsql-admin@postgresql.org> Sent: Monday, January 13, 2003 11:59 AM Subject: [ADMIN] PAM Authentication and Postgresql 7.3 > I am trying to set up PAM authentication with postgres 7.3.1. This is > under Mandrake Linux 8.2 for i586. I've searched the archives and > haven't yet found a solution. > Here is the pg_hba.conf file: > -------------------------------- > # TYPE DATABASE USER IP-ADDRESS IP-MASK > METHODhost all all 0.0.0.0 0.0.0.0 pam > postgresql > > local all all > trust > host all all 127.0.0.1 255.255.255.255 > trust > > -------------------------------- > > pg_config --configure shows this: > -------------------------------- > '--prefix=/usr/local/pgsql' '--with-perl' '--with-pam' > '--with-openssl=/opt/openssl' '--without-readline' > '--with-libraries=/usr/lib:/lib:/usr/local/lib' > -------------------------------- > > And here is the error I am getting: > ---------------------------------- > 2003-01-13 09:50:37 LOG: connection received: > host=hc652a8a3.dhcp.vt.edu[198.82.168.163] port=33104 > 2003-01-13 09:50:37 LOG: parse_hba: invalid syntax in pg_hba.conf file > at line 92, token "pam" > 2003-01-13 09:50:37 FATAL: Missing or erroneous pg_hba.conf file, see > postmaster log for details > ---------------------------------- > > It looks like the server isn't recognizing the 'pam' keyword in > pg_hba.conf, but I can't figure out why this is happening. > > -- > Christopher L McNabb Tel: 540 231 7554 > Operating Systems Analyst Email: cmcnabb@vt.edu > Virginia Tech ICBM: 37.205622N 80.414595W > GMRS: WPSR255 ARS: N2UX Grid Sq: EM97SD > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) > >
On Mon, 2003-01-13 at 10:13, Ing. Gabriel Monsalvo wrote: > You must set the PAM's authentication file, you should have a configuration > file with the authentication settings for the postgresql server in pam.d > directory, for example if you auth file is "postgresl" your pg_hba.conf > file: > Yeah, I forgot to mention in the earlier post that I had done this. Here are the contents of /etc/pam.d/postgresql: ---------------------- auth required /lib/security/pam_ldap.so #nullok #set_secrpc account required /lib/security/pam_ldap.so ---------------------- -- Christopher L McNabb Tel: 540 231 7554 Operating Systems Analyst Email: cmcnabb@vt.edu Virginia Tech ICBM: 37.205622N 80.414595W GMRS: WPSR255 ARS: N2UX Grid Sq: EM97SD
Christopher McNabb <cmcnabb@vt.edu> writes: > I am trying to set up PAM authentication with postgres 7.3.1. I'm not a PAM user, but your pg_hba entry seems correct according to the docs: > host all all 0.0.0.0 0.0.0.0 pam > postgresql assuming that that's really one line and your message was just line-wrapped by your mailer. > 2003-01-13 09:50:37 LOG: parse_hba: invalid syntax in pg_hba.conf file > at line 92, token "pam" > 2003-01-13 09:50:37 FATAL: Missing or erroneous pg_hba.conf file, see > postmaster log for details This is the behavior I would expect to see if PAM support were not present in the postmaster. Are you certain that your pg_config file corresponds to the installed, running postmaster? Another possibility is that the postmaster has cached a previous version of pg_hba.conf in which the syntax was indeed incorrect. If you've been editing pg_hba.conf, did you SIGHUP the postmaster afterwards? ("pg_ctl reload" is the same as SIGHUP) regards, tom lane