Re: anyone knows about pam_pgsql ?

Here is the corresponding entry from my internal knowledge-base: it
includes many information that was valueable for me and also
information about different versions I tried and where I downloaded
them ...
It also includes much thanx to Tommi - I never would have made it
without it (if you include parts of my info, please include this
thanks)

I didnt even know about your howto - if your update it, pleae be sure
to mail me and maybe Tommi and the other project can set a link to
your page.

best,
peter

----------

Finally I made userauthentication via a postgresdatabase working. I
could not get a pam-module working, but a libnss-module.
While I dont know much about this, imho libnss is still a level
deeper than pam. So a application can auth via pam and pam is then
using nss.

A typical pam-entry would look like:
account required /lib/security/pam_unix.so

and this pam_unix will then use configs defined in nsswitch.conf (see
below) at the moment I got it working with samba and cyrus imapd
(details see below or seperate entries)

but now to work:

This all is happening under Mandrake 8.x. The final installation
occured on a brand new Mandrake8.1-installation, but I had the same
problems with several Mandrake8.0-Machines.

I) download the libnss-pgsql-source.
There are different version out there:

Tommi Mkitalo, who helped me very much with this stuff has versions
under http://www.maekitalo.de, that were segfaulting here (maybe due a
wrong configured postgres-server). His version seems to be based on
version 0.9 of the official sourceforge-sysauth-pgsql-project that can
be found under http://sourceforge.net/projects/sysauth-pgsql There I
downloaded version libnss-pgsql-1.0.0. All the following applies to
this version, but when trying to compile I encountered the same
problems on both version. The 1.0.0 has a bit more features. It gives
errors when the database is misconfigured and the groups-command is
working .. but basically they seem to do exactely the same.

II) prerequisites:

I dont know which of the following steps are really necessary to
compile the libnss_pgsql-module, cause first I tried pam_pgsql and few
of these steps were needed to compile pam_pgsql ..

I had a full working postgres-installation installed (compiled
manually, so it contains all the headers and so on). Unfortunately I
had some problems with the libs. Even when I added the
postgres-lib-path to /etc/ld.so.config by adding a line
'/usr/local/pgsql/lib' and running ldconfig the libs were not linked
proper. So I copied the libs from /usr/local/pgsql/lib to
/usr/local/lib and it worked. Also there were problems of missing
header-files when compiling libss_pgsql. To avoid this, I copied all
postgres-headers to the libnss-src (not overwrite config.h !!) and
additionally edit the file src/backend.c and changed the line #include
<postgresql/libpq-fe.h> to #include <libpq-fe.h>

My pam was installed per rpm on install and I had to install the package pam-devel.rpm to get the needed pam-headerfiles.

* get, compile, install full postgres 7.1.3
* cp -d /usr/local/pgsql/lib/* /usr/local/lib/*
* cp /usr/local/pgsql/include/*.h /usr/src/libnss_pgsql-1.0.0/src/
# !! dont overwrite config.h !!!
* vi src/backend.c # change the #include <postgresql/libpq-fe.h> -line
* install pam-devel.rpm

III) compile

./configure --with-gnu-ld

I didnt specify the target-directories in this step, so I had to deal
with wrong dirs later .. Maybe using the --prefix=/ option would have
been a fine idea ..

make

Nothing bad should happen here anymore, but you should see the -lpq
switch on the commandlines running by. Now you can test, if the file
was compiled proper:

# ld src/.libs/libnss_pgsql.so
ld: warning: cannot find entry symbol _start; not setting start address

There should be no more warning/error than this (not PQxxx missing or
whatever)

make install

IV) postrequisites

Guess you wont need that if you use the correct prefix-option above.

* cp -d /usr/local/lib/libnss_pgsql* /lib/
* touch /etc/nss-pgsql.conf; ln -s /etc/nss-pgsql.conf /usr/local/etc/nss-pgsql.conf

V) config

I followed the instructions in the conf/-subfolder. There is a very
nice demo-database that I modified a bit (removed the subnet and
modem-entry and added my own addons). There are three tables:

* groups will hold the groups
* accounts will hold der user
* usergroups will relate the two other tables. You can add user-group-relations here. Just add the UID/GID - combination here for each group

-----------

--
mag. peter pilsl

phone: +43 676 3574035
fax : +43 676 3546512
email: pilsl(at)goldfisch(dot)at
sms : pilsl(at)max(dot)mail(dot)at

pgp-key available