Thread: PAM authentication
ok - fairly new to postgresql & tring to set up tcp/ip access using pam authentication using gentoo_linux 1.4_rc2 postgresql-7.3.1 my pg_hba.conf file has the entries # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD local all all trust host all all 127.0.0.1 255.255.255.255 trust host all all 192.168.1.1 255.255.255.0 pam postgresql my /etc/pam.d/postgresql file has the entries #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth when i try to connect (locally).... # psql test -U brett Password: (password entered - i know it is correct) psql: FATAL: PAM authentication failed for user "brett" i get the following entries in /var/log/auth.log - and a Jan 31 16:31:47 achilles unix_chkpwd[25987]: check pass; user unknown Jan 31 16:31:47 achilles postgresql(pam_unix)[25986]: authentication failure; logname= uid=70 euid=70 tty= ruser= rhost= user=brett 'brett' has a system level account. i can connect as user 'brett' if pg_hba.conf is set to 'trust', but never when pam is involved... any ideas? i've been mucking around with this for a couple of days & not getting very far regards, brett
Brett, There was a PAM thread back in early December where we discussed this. I posted a bunch of PAM testing combinations that did/didn't work. One of which was trying to use system accounts through "system-auth" which is really pam_unix.so. This method would not work for me in 7.3.1 no matter what I tried. I also never found a solution. Google has the full thread here http://groups.google.ca/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=asqqr7%242mqo%241%40news.hub.org&rnum=1&prev=/groups%3Fq%3DPostgresql%2BPAM%2BTim%2BFrank%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dasqqr7%25242mqo%25241%2540news.hub.org%26rnum%3D1 I had a look through some of the authentication source as well, but I didn't know enough about it to figure out what the problem might be specifically with pam_unix.so. Probably not what you wanted to hear, but you aren't the only one. Tim Brett Northcott wrote: > ok - fairly new to postgresql & tring to set up tcp/ip access using pam > authentication > using gentoo_linux 1.4_rc2 > postgresql-7.3.1 > > > my pg_hba.conf file has the entries > > # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD > > local all all trust > host all all 127.0.0.1 255.255.255.255 trust > host all all 192.168.1.1 255.255.255.0 pam > postgresql > > > my /etc/pam.d/postgresql file has the entries > > #%PAM-1.0 > > auth required pam_stack.so service=system-auth > account required pam_stack.so service=system-auth > > > when i try to connect (locally).... > # psql test -U brett > Password: (password entered - i know it is correct) > psql: FATAL: PAM authentication failed for user "brett" > > > i get the following entries in /var/log/auth.log - and a > Jan 31 16:31:47 achilles unix_chkpwd[25987]: check pass; user unknown > Jan 31 16:31:47 achilles postgresql(pam_unix)[25986]: authentication > failure; logname= uid=70 euid=70 tty= ruser= rhost= user=brett > > 'brett' has a system level account. > i can connect as user 'brett' if pg_hba.conf is set to 'trust', but never > when pam is involved... > > any ideas? i've been mucking around with this for a couple of days & not > getting very far > > regards, > > brett > > > > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)