Re: [HACKERS] PostgreSQL pam ldap document

All,

I visited #postgresql @ FreeNode and asked about how to make pg use pam
about a week ago (specifically I wanted to auth against LDAP). I was
told to figure it out and write a doc...

Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL

Please review for accuracy and/or proofreading.

Thanks,

Adrian

Adrian Nida wrote:
> All,
>
> I visited #postgresql @ FreeNode and asked about how to make pg use pam
> about a week ago (specifically I wanted to auth against LDAP). I was
> told to figure it out and write a doc...
>
> Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
>
> Please review for accuracy and/or proofreading.

I get a "not exists" error on that URL.

I assume you looked at:

http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM

Do you have additions to it?

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

On Fri, Mar 11, 2005 at 11:42:53AM -0500, Bruce Momjian wrote:
> Adrian Nida wrote:
> > All,
> >
> > I visited #postgresql @ FreeNode and asked about how to make pg use pam
> > about a week ago (specifically I wanted to auth against LDAP). I was
> > told to figure it out and write a doc...
> >
> > Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
> >
> > Please review for accuracy and/or proofreading.
>
> I get a "not exists" error on that URL.

http://itc.musc.edu/wiki/PostgreSQL

(only 4 capital letters) works.

> I assume you looked at:
>
> http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
>
> Do you have additions to it?

'pears so :)

Cheers,
D
--
David Fetter david(at)fetter(dot)org http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778

Remember to vote!

<Snip/>
>>Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
<Snip/>
> I get a "not exists" error on that URL.
Sorry, I renamed the URL after someone pointed out the correct spelling.
This was a link to the old one. I apologize for the confusion, the
right URL is:

http://itc.musc.edu/wiki/PostgreSQL

> I assume you looked at:
> http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
> Do you have additions to it?

Yes, I did look at it. No offense to the original author, but my doc
has a lot more than the four sentences that are there. I was hoping it
would help others in my situation. Again any and all
comments/questions/blah are appreciated.

Thanks,

Adrian

* Adrian Nida <nida(at)musc(dot)edu> [0307 18:07]:
> <Snip/>
> >>Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
> <Snip/>
> >I get a "not exists" error on that URL.
> Sorry, I renamed the URL after someone pointed out the correct spelling.
> This was a link to the old one. I apologize for the confusion, the
> right URL is:
>
> http://itc.musc.edu/wiki/PostgreSQL
>
> >I assume you looked at:
> > http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
> >Do you have additions to it?
>
> Yes, I did look at it. No offense to the original author, but my doc
> has a lot more than the four sentences that are there. I was hoping it
> would help others in my situation. Again any and all
> comments/questions/blah are appreciated.

I think the point he's trying to make is that most of your howto is
how to setup pg_hba.conf (which is in the docs anyway) and how to set up pam_ldap
for a service (which is really a pam howto).

It'd be nice if the docs at

http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM

said

'you need to createuser(8) a postgres user too. PAM is only used to
validate a username/password pair - the user has to exist in postgres as well.'

and it will, once it updates :)

--
'When the door hits you in the ass on the way out, clean off the smudge
your ass leaves, please'
-- Alien loves Predator
Rasputin :: Jack of All Trades - Master of Nuns

Addition added to PAM documentation. Patch attached and will appear in
8.0.3.

---------------------------------------------------------------------------

Dick Davies wrote:
> * Adrian Nida <nida(at)musc(dot)edu> [0307 18:07]:
> > <Snip/>
> > >>Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
> > <Snip/>
> > >I get a "not exists" error on that URL.
> > Sorry, I renamed the URL after someone pointed out the correct spelling.
> > This was a link to the old one. I apologize for the confusion, the
> > right URL is:
> >
> > http://itc.musc.edu/wiki/PostgreSQL
> >
> > >I assume you looked at:
> > > http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
> > >Do you have additions to it?
> >
> > Yes, I did look at it. No offense to the original author, but my doc
> > has a lot more than the four sentences that are there. I was hoping it
> > would help others in my situation. Again any and all
> > comments/questions/blah are appreciated.
>
> I think the point he's trying to make is that most of your howto is
> how to setup pg_hba.conf (which is in the docs anyway) and how to set up pam_ldap
> for a service (which is really a pam howto).
>
> It'd be nice if the docs at
>
> http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
>
> said
>
> 'you need to createuser(8) a postgres user too. PAM is only used to
> validate a username/password pair - the user has to exist in postgres as well.'
>
> and it will, once it updates :)
>
>
>
> --
> 'When the door hits you in the ass on the way out, clean off the smudge
> your ass leaves, please'
> -- Alien loves Predator
> Rasputin :: Jack of All Trades - Master of Nuns
>
> ---------------------------(end of broadcast)---------------------------
> TIP 7: don't forget to increase your free space map settings
>

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073