postgres 7.2.1 and pam

Lists: pgsql-admin
From: Georg Lutz <glist(at)gmx(dot)net>
To: pgsql-admin(at)postgresql(dot)org
Subject: postgres 7.2.1 and pam
Date: 2002-05-26 16:34:13
Message-ID: 20020526183413.A1319@ercws051.erc.lan

Hi,

I would like to use pam(ldap) to authenticate users.

Unix-LDAP-Users already exist and they can log in.

I created a user via "CREATE USER user;" without a password, having a
valid unix-account in ldap.

But whenever I try to log in to postgresql via psql -U user
template1 I get "psql: FATAL 1: Password authentication failed for user
user".

I installed the RPMs from
ftp://ftp.postgresql.org/pub/binary/v7.2.1/RPMS/redhat-7.2/
on RH 7.2.

My pg_hba.conf looks like this:
---
local all md5
local all pam postgresql
---

In /etc/pam.d/postgresql:
---
auth required pam_ldap.so
---

What is the problem here?

Please CC, I am not subscribed.

--
Georg


From: "Jameson C(dot) Burt" <jameson(at)coost(dot)com>
To: Georg Lutz <glist(at)gmx(dot)net>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: postgres 7.2.1 and pam
Date: 2002-05-28 03:08:13
Message-ID: 20020528030813.GA15768@coost.com

On Sun, May 26, 2002 at 06:34:13PM +0200, Georg Lutz wrote:
> Hi,
>
> I would like to use pam(ldap) to authenticate users.
>
> Unix-LDAP-Users already exist and they can log in.
>
> I created a user via "CREATE USER user;" without a password, having a
> valid unix-account in ldap.
>
> But whenever I try to log in to postgresql via psql -U user
> template1 I get "psql: FATAL 1: Password authentication failed for user
> user".
>
> I installed the RPMs from
> ftp://ftp.postgresql.org/pub/binary/v7.2.1/RPMS/redhat-7.2/
> on RH 7.2.
>
> My pg_hba.conf looks like this:
> ---
> local all md5
> local all pam postgresql
> ---
>
> In /etc/pam.d/postgresql:
> ---
> auth required pam_ldap.so
> ---

While I haven't tried ldap, I have used the following in
/etc/pam.d/postgresql for local and remote "guest" [I created user
"guest" in postgresql] tcp connections:

    auth required pam_ftp.so users=guest
    account required pam_permit.so

With no restrictions, allowing even user "postgres" access, I have used:

    auth required pam_permit.so
    account required pam_permit.so

Neither of these sets of lines requires a password entry.
I found that I NEEDED BOTH AN "auth" AND AN "account" ENTRY,
but I didn't need a "password" or a "session" entry.

I currently have in pg_hba.conf,

    local all pam postgresql
    host all 0.0.0.0 0.0.0.0 pam postgresql #for tcp access

I have tried various other entries in these two files,
but I could then never gain access with a password.
Such denial of access that I didn't see with other
pam applications (telnet, ssh, ftp) led me to suspect postgres
compilation errors in its use of pam
(either in pam source or in Debian Linux's compilations).

While this worked for my non-ldap situation
on a Debian Linux (3.0 version), I write as a Postgresql
pam novice.

>
> What is the problem here?
> Please CC, I am not subscribed.
> --Georg


From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Georg Lutz <glist(at)gmx(dot)net>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: postgres 7.2.1 and pam
Date: 2002-05-28 16:53:16
Message-ID: Pine.LNX.4.44.0205281145240.1300-100000@localhost.localdomain

Georg Lutz writes:

> My pg_hba.conf looks like this:
> ---
> local all md5
> local all pam postgresql
> ---

Both of these entries apply to local connections, so the first one gets
used and PAM is never considered.

--
Peter Eisentraut peter_e(at)gmx(dot)net
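
The first-match behaviour described in the reply above, as an added example that is not part of the original thread or PostgreSQL's own code: a small checker that reads 7.2-style pg_hba.conf records (the layout shown in this thread, with no user column) and reports entries that can never be reached because an earlier record already matches every connection they would. The function names are hypothetical, and only "all" and literal database names are handled.

```python
import ipaddress

def parse_hba(text):
    """Parse 7.2-style records: 'local DB METHOD [ARG]' or 'host DB IP MASK METHOD [ARG]'."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 3:
            net, rest = None, fields[2:]
        elif fields[0] == "host" and len(fields) >= 5:
            net = ipaddress.ip_network(f"{fields[2]}/{fields[3]}", strict=False)
            rest = fields[4:]
        else:
            raise ValueError(f"line {lineno}: unrecognised record: {raw!r}")
        records.append({"line": lineno, "type": fields[0], "db": fields[1],
                        "net": net, "method": rest[0], "arg": " ".join(rest[1:])})
    return records

def covers(earlier, later):
    """True if every connection matching `later` also matches `earlier`."""
    if earlier["type"] != later["type"] or earlier["db"] not in ("all", later["db"]):
        return False
    return earlier["type"] == "local" or later["net"].subnet_of(earlier["net"])

def shadowed(records):
    """Return (unreachable_line, shadowing_line) pairs."""
    out = []
    for i, rec in enumerate(records):
        first = next((p for p in records[:i] if covers(p, rec)), None)
        if first:
            out.append((rec["line"], first["line"]))
    return out

def method_for(records, conn_type, db, addr=None):
    """First-match lookup: the auth method that would apply to a connection."""
    for rec in records:
        if rec["type"] != conn_type or rec["db"] not in ("all", db):
            continue
        if conn_type == "host" and ipaddress.ip_address(addr) not in rec["net"]:
            continue
        return rec["method"]
    return None

# Constructed sample: the two records quoted from the original post.
SAMPLE = "local all md5\nlocal all pam postgresql\n"
```

Running `shadowed(parse_hba(SAMPLE))` flags line 2 as shadowed by line 1, which is why the md5 entry answers every local connection and the pam entry is never consulted.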