Thread: PostgreSQL pam ldap document
All,

I visited #postgresql @ FreeNode and asked about how to make pg use pam about a week ago (specifically I wanted to auth against LDAP). I was told to figure it out and write a doc...

Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL

Please review for accuracy and/or proofreading.

Thanks,
Adrian

Adrian Nida wrote:
> All,
>
> I visited #postgresql @ FreeNode and asked about how to make pg use pam
> about a week ago (specifically I wanted to auth against LDAP). I was
> told to figure it out and write a doc...
>
> Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
>
> Please review for accuracy and/or proofreading.

I get a "not exists" error on that URL. I assume you looked at:

http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM

Do you have additions to it?

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

On Fri, Mar 11, 2005 at 11:42:53AM -0500, Bruce Momjian wrote:
> Adrian Nida wrote:
> > All,
> >
> > I visited #postgresql @ FreeNode and asked about how to make pg use pam
> > about a week ago (specifically I wanted to auth against LDAP). I was
> > told to figure it out and write a doc...
> >
> > Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
> >
> > Please review for accuracy and/or proofreading.
>
> I get a "not exists" error on that URL.

http://itc.musc.edu/wiki/PostgreSQL (only 4 capital letters) works.

> I assume you looked at:
>
> http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
>
> Do you have additions to it?

'pears so :)

Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 510 893 6100   mobile: +1 415 235 3778

Remember to vote!

<Snip/>
>>Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
<Snip/>
> I get a "not exists" error on that URL.

Sorry, I renamed the URL after someone pointed out the correct spelling. This was a link to the old one. I apologize for the confusion, the right URL is:

http://itc.musc.edu/wiki/PostgreSQL

> I assume you looked at:
> http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
> Do you have additions to it?

Yes, I did look at it. No offense to the original author, but my doc has a lot more than the four sentences that are there. I was hoping it would help others in my situation. Again any and all comments/questions/blah are appreciated.

Thanks,
Adrian

* Adrian Nida <nida@musc.edu> [0307 18:07]:
> <Snip/>
> >>Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
> <Snip/>
> >I get a "not exists" error on that URL.
> Sorry, I renamed the URL after someone pointed out the correct spelling.
> This was a link to the old one. I apologize for the confusion, the
> right URL is:
>
> http://itc.musc.edu/wiki/PostgreSQL
>
> >I assume you looked at:
> > http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
> >Do you have additions to it?
>
> Yes, I did look at it. No offense to the original author, but my doc
> has a lot more than the four sentences that are there. I was hoping it
> would help others in my situation. Again any and all
> comments/questions/blah are appreciated.

I think the point he's trying to make is that most of your howto is how to set up pg_hba.conf (which is in the docs anyway) and how to set up pam_ldap for a service (which is really a pam howto).

It'd be nice if the docs at

http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM

said

'you need to createuser(8) a postgres user too. PAM is only used to validate a username/password pair - the user has to exist in postgres as well.'

and it will, once it updates :)

--
'When the door hits you in the ass on the way out, clean off the smudge
your ass leaves, please'
    -- Alien loves Predator
Rasputin :: Jack of All Trades - Master of Nuns

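The point made in the message above (PAM only checks the password; the database user must exist separately) can be audited before users hit login failures. The following is an added example, not part of any post in this thread: it assumes the 8.0 `pg_hba.conf` syntax the documentation describes, and the file names, user names and addresses are constructed sample data.

```sh
#!/bin/sh
# Added example, not from the thread. Inputs are plain files so it runs offline.

# Print the PAM service names a pg_hba.conf relies on (8.0 syntax: an optional
# service name follows the "pam" keyword; the default is "postgresql").
pam_services() {
    awk '
        { sub(/#.*/, "") }          # strip comments
        NF == 0 { next }
        {
            # The method is field 4 (local) or 5-6 (host), never earlier,
            # so a database or user that happens to be named "pam" is ignored.
            for (i = 4; i <= NF; i++) {
                if ($i == "pam") {
                    svc = (i < NF) ? $(i + 1) : "postgresql"
                    print svc
                    break
                }
            }
        }
    ' "$1" | sort -u
}

# Print directory accounts with no database user of the same name. PAM would
# accept their password, but PostgreSQL still refuses the connection.
# $1 = directory user names, $2 = database user names (one per line).
missing_roles() {
    grep -vxFf "$2" "$1" | sort -u
}

# Constructed sample data.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/pg_hba.conf" <<'EOF'
# TYPE  DATABASE  USER  CIDR-ADDRESS     METHOD
local   all       all                    ident sameuser
host    all       all   10.0.0.0/8       pam
host    reports   all   192.168.1.0/24   pam pg_ldap
host    all       all   127.0.0.1 255.255.255.255 md5
EOF
printf '%s\n' alice bob carol > "$demo/dir_users"     # e.g. from the LDAP directory
printf '%s\n' postgres alice carol > "$demo/db_roles" # e.g. from pg_user

echo "PAM services that need a PAM configuration:"
pam_services "$demo/pg_hba.conf"
echo "Directory users that still need a database user:"
missing_roles "$demo/dir_users" "$demo/db_roles"
```

Each service name printed by `pam_services` needs its own PAM configuration, and each name printed by `missing_roles` needs a database user created before PAM authentication can succeed for it.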
Addition added to PAM documentation. Patch attached and will appear in 8.0.3.

---------------------------------------------------------------------------

Dick Davies wrote:
> * Adrian Nida <nida@musc.edu> [0307 18:07]:
> > <Snip/>
> > >>Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
> > <Snip/>
> > >I get a "not exists" error on that URL.
> > Sorry, I renamed the URL after someone pointed out the correct spelling.
> > This was a link to the old one. I apologize for the confusion, the
> > right URL is:
> >
> > http://itc.musc.edu/wiki/PostgreSQL
> >
> > >I assume you looked at:
> > > http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
> > >Do you have additions to it?
> >
> > Yes, I did look at it. No offense to the original author, but my doc
> > has a lot more than the four sentences that are there. I was hoping it
> > would help others in my situation. Again any and all
> > comments/questions/blah are appreciated.
>
> I think the point he's trying to make is that most of your howto is
> how to set up pg_hba.conf (which is in the docs anyway) and how to set up pam_ldap
> for a service (which is really a pam howto).
>
> It'd be nice if the docs at
>
> http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
>
> said
>
> 'you need to createuser(8) a postgres user too. PAM is only used to
> validate a username/password pair - the user has to exist in postgres as well.'
>
> and it will, once it updates :)
>
>
>
> --
> 'When the door hits you in the ass on the way out, clean off the smudge
> your ass leaves, please'
> -- Alien loves Predator
> Rasputin :: Jack of All Trades - Master of Nuns
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.
| Newtown Square, Pennsylvania 19073 Index: doc/src/sgml/client-auth.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v retrieving revision 1.76 diff -c -c -r1.76 client-auth.sgml *** doc/src/sgml/client-auth.sgml 22 Apr 2005 04:18:58 -0000 1.76 --- doc/src/sgml/client-auth.sgml 26 Apr 2005 02:50:34 -0000 *************** *** 883,890 **** default PAM service name is <literal>postgresql</literal>. You can optionally supply your own service name after the <literal>pam</> key word in the file <filename>pg_hba.conf</filename>. ! For more information about PAM, please read the ! <ulink url="http://www.kernel.org/pub/linux/libs/pam/"> <productname>Linux-PAM</> Page</ulink> and the <ulink url="http://www.sun.com/software/solaris/pam/"> <systemitem class="osname">Solaris</> PAM Page</ulink>. --- 883,892 ---- default PAM service name is <literal>postgresql</literal>. You can optionally supply your own service name after the <literal>pam</> key word in the file <filename>pg_hba.conf</filename>. ! PAM is used only to validate username/password pairs. ! The user must already exist in the database before PAM ! can be used for authentication. For more information about ! PAM, please read the <ulink url="http://www.kernel.org/pub/linux/libs/pam/"> <productname>Linux-PAM</> Page</ulink> and the <ulink url="http://www.sun.com/software/solaris/pam/"> <systemitem class="osname">Solaris</> PAM Page</ulink>.
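Review bot: In the added sentences of the hunk ("The user must already exist in the database before PAM can be used for authentication."), the text tells the reader the user must exist but not how to create one; the wording suggested in the thread mentioned createuser, so a cross-reference to CREATE USER or createuser at this point would close that gap. "Exist in the database" is also imprecise, because database users are shared across the whole cluster rather than belonging to a single database; "the database user must already exist" would avoid implying a per-database account. It would also help to state the consequence plainly: a login whose password PAM accepts is still rejected when no matching database user exists.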