Thread: initdb
I just tried initdb with the -A pam option and no -W. As expected, I can't log into the instance. There is a MD5 hash and postgres still defaults to password authentication even though I did not use the -W. Is this a bug? And I can't log into it because I have no idea what password it used. Even if I did, it's not set up how I want it to be. I want to log in with PAM.
In our company, behind the scenes pam uses openldap. It works fine adding a user with out a password still works fine. It's the postgres user that I'm concerned with. The way it is now if we change the postgres password in openldap we'd be at a loss connecting since it's using MD5.
One thing I was thinking of is using a different username for the super user like -U Tom for the initdb. Then, just adding the user postgres later via my method I know works. We add the user, just not specifiying a password. When we log in with that user the defaul goes to ldap and we can easily log in.
Maybe things have changed with version 8.3x and there is something else I should do to specifically configure ldap instead of pam. I did notice ldap in the pg_hba as an alternative method and don't remember that as a specific method before, just pam.
Thanks,
~DjK
Windows Live™ Hotmail®: Chat. Store. Share. Do more with mail. See how it works.
In our company, behind the scenes pam uses openldap. It works fine adding a user with out a password still works fine. It's the postgres user that I'm concerned with. The way it is now if we change the postgres password in openldap we'd be at a loss connecting since it's using MD5.
One thing I was thinking of is using a different username for the super user like -U Tom for the initdb. Then, just adding the user postgres later via my method I know works. We add the user, just not specifiying a password. When we log in with that user the defaul goes to ldap and we can easily log in.
Maybe things have changed with version 8.3x and there is something else I should do to specifically configure ldap instead of pam. I did notice ldap in the pg_hba as an alternative method and don't remember that as a specific method before, just pam.
Thanks,
~DjK
Windows Live™ Hotmail®: Chat. Store. Share. Do more with mail. See how it works.
dx k9 <bitsandbytes88@hotmail.com> writes:
> I just tried initdb with the -A pam option and no -W. As expected, I
> can't log into the instance. There is a MD5 hash and postgres still
> defaults to password authentication even though I did not use the -W.
> Is this a bug?
No. initdb is not intended to set up any possible authorization
configuration for you; it only handles two or three common cases.
Feel free to adjust the configuration files afterward.
regards, tom lane