Re: PAM authentication fails for local UNIX users

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Dhanaraj(dot)M(at)Sun(dot)COM
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: PAM authentication fails for local UNIX users
Date: 2007-08-20 11:33:25
Message-ID: 46C97C05.6040207@dunslane.net
Lists: pgsql-hackers pgsql-patches

Dhanaraj M wrote:
> Hi all,
>
> http://archives.postgresql.org/pgsql-admin/2003-02/msg00301.php
>
> I also try to address the same issue.
>
> I run postmaster as postgres user and pg_hba.conf includes the
> following entry:
>
> local all dhanaraj pam
>
> However, the authentication fails for this unix local user, whereas it
> works for LDAP users.
>
> bash-3.00$ psql -h superdesktop.india.sun.com -U dhanaraj mydb
> Password for user dhanaraj:
> psql: FATAL: PAM authentication failed for user "dhanaraj"
>
> The following error message that I could see in the server log:
> ......................
> LOG: pam_authenticate failed: Conversation failure
> FATAL: PAM authentication failed for user "dhanaraj"
> LOG: pam_authenticate failed: No account present for user
> FATAL: PAM authentication failed for user "dhanaraj"
>
>
> The non-root user does not have the permission to read other unix
> local user password.
> I found two solutions:
>
> 1. usermod -K defaultpriv=Basic,file_dac_read postgres
>
> - Gives privilege to read all files. This solution works. Is it the
> right way to do?
>
> 2. chmod +s processName
>
> - This does not work, because postgres never allows this.
>
>
> Is there any other solution to this problem?

Usage questions really don't belong on -hackers - in future please use
-general. Both your proposed solutions are utterly insecure.

See http://itc.musc.edu/wiki/PostgreSQL for some discussion of using
PAM for postgres auth.

cheers

andrew
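
An added example, not part of the original message or of PostgreSQL: on Solaris, `usermod -K defaultpriv=...` records the privilege set in `/etc/user_attr`, so an audit for accounts that were given `file_dac_read` this way can parse that file. The function names, the `user:qualifier:res1:res2:attr` layout taken from user_attr(4), and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts in a Solaris user_attr(4) file whose default
# privilege set includes file_dac_read (read any file regardless of mode bits).

# Print "user<TAB>defaultpriv" for every account that ends up with
# file_dac_read, either named explicitly or through the "all" keyword.
audit_file_dac_read() {
    awk -F: '
        /^[ \t]*#/ || NF < 5 { next }      # skip comments and malformed lines
        {
            # Field 5 holds semicolon-separated key=value attributes.
            n = split($5, attrs, ";")
            for (i = 1; i <= n; i++) {
                if (attrs[i] !~ /^defaultpriv=/) continue
                # Privilege names are matched case-insensitively ("Basic").
                spec = tolower(substr(attrs[i], 13))
                m = split(spec, privs, ",")
                grant = 0; deny = 0
                for (j = 1; j <= m; j++) {
                    p = privs[j]
                    if (p == "file_dac_read" || p == "all") grant = 1
                    # Assumption: a leading "!" or "-" removes a privilege.
                    if (p == "!file_dac_read" || p == "-file_dac_read") deny = 1
                }
                if (grant && !deny) printf "%s\t%s\n", $1, spec
            }
        }
    ' "$1"
}

# Constructed sample entries, not taken from any real host.
write_sample() {
    cat > "$1" <<'EOF'
# user:qualifier:res1:res2:attr
root::::auths=solaris.*;profiles=All;type=normal
postgres::::type=normal;defaultpriv=Basic,file_dac_read
dhanaraj::::type=normal;defaultpriv=basic
batch::::defaultpriv=all
backup::::defaultpriv=all,!file_dac_read
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_file_dac_read "$sample"    # flags postgres and batch
rm -f "$sample"
```

On a real system the function would be pointed at `/etc/user_attr`; any service account it lists can read every file on the host, which includes the shadow password file.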
