Thread: PAM Authentication and Postgresql 7.3

PAM Authentication and Postgresql 7.3

From
Christopher McNabb
Date:
I am trying to set up PAM authentication with postgres 7.3.1.  This is
under Mandrake Linux 8.2 for i586.  I've searched the archives and
haven't yet found a solution.
Here is the pg_hba.conf file:
--------------------------------
# TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK
METHOD

local   all         all
trust
host    all         all         127.0.0.1         255.255.255.255
trust
host    all         all         0.0.0.0           0.0.0.0           pam
postgresql
--------------------------------

pg_config --configure shows this:
--------------------------------
'--prefix=/usr/local/pgsql' '--with-perl' '--with-pam'
'--with-openssl=/opt/openssl' '--without-readline'
'--with-libraries=/usr/lib:/lib:/usr/local/lib'
--------------------------------

And here is the error I am getting:
----------------------------------
2003-01-13 09:50:37 LOG:  connection received:
host=hc652a8a3.dhcp.vt.edu[198.82.168.163] port=33104
2003-01-13 09:50:37 LOG:  parse_hba: invalid syntax in pg_hba.conf file
at line 92, token "pam"
2003-01-13 09:50:37 FATAL:  Missing or erroneous pg_hba.conf file, see
postmaster log for details
----------------------------------

It looks like the server isn't recognizing the 'pam' keyword in
pg_hba.conf, but I can't figure out why this is happening.

--
Christopher L McNabb              Tel:   540 231 7554
Operating Systems Analyst         Email: cmcnabb@vt.edu
Virginia Tech                     ICBM:  37.205622N 80.414595W
GMRS: WPSR255                     ARS:   N2UX  Grid Sq: EM97SD

Re: PAM Authentication and Postgresql 7.3

From
"Ing. Gabriel Monsalvo"
Date:
You must set the PAM's authentication file, you should have a configuration
file with the authentication settings for the postgresql server in pam.d
directory, for example if you auth file is "postgresl" your pg_hba.conf
file:

host    all         all         0.0.0.0           0.0.0.0           pam
postgresql

Saludos,
Ing. Gabriel Monsalvo

----- Original Message -----
From: "Christopher McNabb" <cmcnabb@vt.edu>
To: <pgsql-admin@postgresql.org>
Sent: Monday, January 13, 2003 11:59 AM
Subject: [ADMIN] PAM Authentication and Postgresql 7.3


> I am trying to set up PAM authentication with postgres 7.3.1.  This is
> under Mandrake Linux 8.2 for i586.  I've searched the archives and
> haven't yet found a solution.
> Here is the pg_hba.conf file:
> --------------------------------
> # TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK
> METHODhost    all         all         0.0.0.0           0.0.0.0
pam
> postgresql

>
> local   all         all
> trust
> host    all         all         127.0.0.1         255.255.255.255
> trust
> > --------------------------------
>
> pg_config --configure shows this:
> --------------------------------
> '--prefix=/usr/local/pgsql' '--with-perl' '--with-pam'
> '--with-openssl=/opt/openssl' '--without-readline'
> '--with-libraries=/usr/lib:/lib:/usr/local/lib'
> --------------------------------
>
> And here is the error I am getting:
> ----------------------------------
> 2003-01-13 09:50:37 LOG:  connection received:
> host=hc652a8a3.dhcp.vt.edu[198.82.168.163] port=33104
> 2003-01-13 09:50:37 LOG:  parse_hba: invalid syntax in pg_hba.conf file
> at line 92, token "pam"
> 2003-01-13 09:50:37 FATAL:  Missing or erroneous pg_hba.conf file, see
> postmaster log for details
> ----------------------------------
>
> It looks like the server isn't recognizing the 'pam' keyword in
> pg_hba.conf, but I can't figure out why this is happening.
>
> --
> Christopher L McNabb              Tel:   540 231 7554
> Operating Systems Analyst         Email: cmcnabb@vt.edu
> Virginia Tech                     ICBM:  37.205622N 80.414595W
> GMRS: WPSR255                     ARS:   N2UX  Grid Sq: EM97SD
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>
>


Re: PAM Authentication and Postgresql 7.3

From
Christopher McNabb
Date:
On Mon, 2003-01-13 at 10:13, Ing. Gabriel Monsalvo wrote:
> You must set the PAM's authentication file, you should have a configuration
> file with the authentication settings for the postgresql server in pam.d
> directory, for example if you auth file is "postgresl" your pg_hba.conf
> file:
>

Yeah, I forgot to mention in the earlier post that I had done this.
Here are the contents of /etc/pam.d/postgresql:
----------------------
auth       required    /lib/security/pam_ldap.so #nullok #set_secrpc
account    required     /lib/security/pam_ldap.so
----------------------
--
Christopher L McNabb              Tel:   540 231 7554
Operating Systems Analyst         Email: cmcnabb@vt.edu
Virginia Tech                     ICBM:  37.205622N 80.414595W
GMRS: WPSR255                     ARS:   N2UX  Grid Sq: EM97SD

Re: PAM Authentication and Postgresql 7.3

From
Tom Lane
Date:
Christopher McNabb <cmcnabb@vt.edu> writes:
> I am trying to set up PAM authentication with postgres 7.3.1.

I'm not a PAM user, but your pg_hba entry seems correct according to the
docs:

> host    all         all         0.0.0.0           0.0.0.0           pam
> postgresql

assuming that that's really one line and your message was just
line-wrapped by your mailer.

> 2003-01-13 09:50:37 LOG:  parse_hba: invalid syntax in pg_hba.conf file
> at line 92, token "pam"
> 2003-01-13 09:50:37 FATAL:  Missing or erroneous pg_hba.conf file, see
> postmaster log for details

This is the behavior I would expect to see if PAM support were not
present in the postmaster.  Are you certain that your pg_config file
corresponds to the installed, running postmaster?

Another possibility is that the postmaster has cached a previous version
of pg_hba.conf in which the syntax was indeed incorrect.  If you've been
editing pg_hba.conf, did you SIGHUP the postmaster afterwards?  ("pg_ctl
reload" is the same as SIGHUP)

            regards, tom lane