Re: PAM authentication

From: Tim Frank <tfrank(at)registrar(dot)uoguelph(dot)ca>
To: pgsql-admin(at)postgresql(dot)org
Cc: brettn(at)bigpond(dot)com
Subject: Re: PAM authentication
Date: 2003-02-01 17:18:14
Message-ID: 3E3C0156.2060903@registrar.uoguelph.ca
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Brett,

There was a PAM thread back in early December where we discussed this.
I posted a bunch of PAM testing combinations that did/didn't work. One
of which was trying to use system accounts through "system-auth" which
is really pam_unix.so. This method would not work for me in 7.3.1 no
matter what I tried. I also never found a solution.

Google has the full thread here

http://groups.google.ca/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=asqqr7%242mqo%241%40news.hub.org&rnum=1&prev=/groups%3Fq%3DPostgresql%2BPAM%2BTim%2BFrank%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dasqqr7%25242mqo%25241%2540news.hub.org%26rnum%3D1

I had a look through some of the authentication source as well, but I
didn't know enough about it to figure out what the problem might be
specifically with pam_unix.so.

Probably not what you wanted to hear, but you aren't the only one.

Tim

Brett Northcott wrote:
> ok - fairly new to postgresql & tring to set up tcp/ip access using pam
> authentication
> using gentoo_linux 1.4_rc2
> postgresql-7.3.1
>
>
> my pg_hba.conf file has the entries
>
> # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
>
> local all all trust
> host all all 127.0.0.1 255.255.255.255 trust
> host all all 192.168.1.1 255.255.255.0 pam
> postgresql
>
>
> my /etc/pam.d/postgresql file has the entries
>
> #%PAM-1.0
>
> auth required pam_stack.so service=system-auth
> account required pam_stack.so service=system-auth
>
>
> when i try to connect (locally)....
> # psql test -U brett
> Password: (password entered - i know it is correct)
> psql: FATAL: PAM authentication failed for user "brett"
>
>
> i get the following entries in /var/log/auth.log - and a
> Jan 31 16:31:47 achilles unix_chkpwd[25987]: check pass; user unknown
> Jan 31 16:31:47 achilles postgresql(pam_unix)[25986]: authentication
> failure; logname= uid=70 euid=70 tty= ruser= rhost= user=brett
>
> 'brett' has a system level account.
> i can connect as user 'brett' if pg_hba.conf is set to 'trust', but never
> when pam is involved...
>
> any ideas? i've been mucking around with this for a couple of days & not
> getting very far
>
> regards,
>
> brett
>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Chris White 2003-02-01 17:23:01 Duplicate indexes found in the postgres Database
Previous Message Tom Lane 2003-02-01 16:36:29 Re: pg_restore problem with 7.3.1