Thread: Configuring Postgresql to use PAM

Hi,

I’m trying to set up my DB to authenticate against a PAM back-end (in this case just a plain old local password DB).

Here’s my configuration as it currently stands:

       positionwhile[pg]% grep pam /var/lib/pgsql/metadata/pg_hba.conf

       # "krb4", "krb5", "ident", or "pam".  Note that "password" sends passwords

       local   authtest         all                            pam postgresql

       positionwhile[pg]% more /etc/pam.d/postgresql

       #%PAM-1.0

       auth       required     pam_stack.so service=system-auth

       account    required     pam_stack.so service=system-auth

The system is a CentOS 4.4 box, and I’m running PostgreSQL 8.0.6.

When I test the core pam functionality using pamtester, I get the following:

       positionwhile[pamtester-0.1.2]% src/pamtester -v postgresql mporwit authenticate

 pamtester: invoking pam_start(postgresql, mporwit, ...)

       pamtester: performing operation - authenticate

       Password:

       pamtester: successfully authenticated

Looks like a success to me.

However, when I try to get psql to do password authentication, I get the following:

      positionwhile[postgresql-8.0.13]% psql authtest

      Password:

      psql: FATAL:  PAM authentication failed for user "mporwit"

And this shows up in my logs:

      LOG:  connection received: host=[local] port=

      DEBUG:  forked new backend, pid=1430 socket=11

      DEBUG:  received password packet

      LOG:  pam_authenticate failed: Authentication failure

      FATAL:  PAM authentication failed for user "mporwit"

      DEBUG:  proc_exit(0)

      DEBUG:  shmem_exit(0)

      DEBUG:  exit(0)

      DEBUG:  reaping dead processes

      DEBUG:  server process (PID 1430) exited with exit code 0

Any insight here would be appreciated. Are there any other tweaks I may have missed?

Thanks,

Marcin

mporwit [AT] yahoo-inc [DOT] com