| From: | Craig White <craigwhite(at)azapple(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | authentication question |
| Date: | 2006-11-09 03:25:27 |
| Message-ID: | 1163042728.14079.22.camel@lin-workstation.azapple.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
CentOS 4.4 which means postgresql-server-7.4.13-2.RHEL4.1
I'm starting to deal with the notion of allowing other users access
(read only) to a db.
Experimenting on my own db...
host all main_user 192.168.2.10 255.255.255.0 trust
host all all 127.0.0.1 255.255.255.255 trust
host all craig 192.168.2.10 255.255.255.255 pam
because I want to use LDAP authentication via pam.
logs say...
Nov 8 20:18:26 srv1 postgresql: Starting postgresql service: succeeded
Nov 8 20:18:39 srv1 postgres[21020]: PAM audit_open() failed:
Permission denied
Nov 8 20:18:39 srv1 postgres[21020]: [2-1] LOG: pam_authenticate
failed: System error
Nov 8 20:18:39 srv1 postgres[21020]: [3-1] FATAL: PAM authentication
failed for user "craig"
Below is pam info - if anyone can tell me how I might configure this so
I can authenticate via LDAP I would appreciate it.
Craig
# cat /etc/pam.d/postgresql
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
which was cribbed from /etc/pam.d/sshd
# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account [default=bad success=ok
user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
| From | Date | Subject | |
|---|---|---|---|
| Next Message | mike | 2006-11-09 03:57:27 | Re: planer picks a bad plan (seq-scan instead of index) |
| Previous Message | Christopher Browne | 2006-11-09 02:58:06 | Re: Does PostgreSQL support multi-instancing? |