From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Tim Frank <tfrank(at)registrar(dot)uoguelph(dot)ca> |
Cc: | PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: [ADMIN] PAM |
Date: | 2002-12-05 19:23:00 |
Message-ID: | 200212051923.gB5JN0I23598@candle.pha.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin pgsql-patches |
I am not sure, but it is possible you are seeing a problem with the new
storage of passwords as MD5 encrypted on pg_shadow. The attached patch
fixes this.
---------------------------------------------------------------------------
Tim Frank wrote:
> I was testing this on a 7.3 beta the other week to try to make it work
> with LDAP authentication, and I think I only got it working if I bypased
> the system-auth PAM file that everything was normally funneled through.
> I don't know exactly why it wasn't working, but whenever I put a line
> that used pam_unix.so it would fail with the same error you are
> encountering.
>
> I didn't invest a huge amount of time figuring out why pam_unix.so was
> causing a problem because I wanted to use pam_ldap.so anyways.
>
> There doesn't seem to be many examples out there that I could find that
> I got to work. FYI I am testing on RedHat 7.x and 8.0 machines.
>
> Tim
>
> EMOTO Masahiko wrote:
> > Does anyone show me a sample of PAM authenticate file?
> >
> > I want to use pam for client authentication, and I create pg_hba.cnf as,
> >
> >
> >>host all all 127.0.0.1 255.255.255.255 trust
> >>host all all 192.168.0.0 255.255.0.0 pam postgresql
> >
> >
> > and /etc/pam.d/postgresql as
> >
> >>auth required /lib/security/pam_stack.so service=system-auth
> >>account required /lib/security/pam_stack.so service=system-auth
> >
> >
> > I tried to connect to the server, but failed. The messages I received were follows;
> >
> >
> >>[CLIENT]
> >>% psql -h dgpc1 db1 -U emo
> >>Password:
> >>psql: FATAL: PAM authentication failed for user "emo"
> >>
> >>[SERVER]
> >>DEBUG: reaping dead processes
> >>DEBUG: child process (pid 15642) exited with exit code 0
> >>DEBUG: BackendStartup: forked pid=15643 socket=8
> >>DEBUG: received PAM packet
> >>LOG: CheckPAMAuth: pam_authenticate failed: 'Authentication failure'
> >>FATAL: PAM authentication failed for user "emo"
> >>DEBUG: proc_exit(0)
> >>DEBUG: shmem_exit(0)
> >>DEBUG: exit(0)
> >>DEBUG: reaping dead processes
> >
> >
> > The user account exists in the database, and I typed the system password.
> >
> >
> > Environment:
> > OS : Linux Kernel 2.4.19
> > PostgreSQL 7.3
> >
> >
> > By the way, what really I want to do is to configure the server behave like FTP servers;
> > All the users except the guest (anonymous) requires the password authentication.
> > The guest user can only read the data, and cannot alter the data.
> > Are there any solutions to do this?
> >
> >
> > --- EMOTO Masahiko ---
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 1: subscribe and unsubscribe commands go to majordomo(at)postgresql(dot)org
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly
>
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
Attachment | Content-Type | Size |
---|---|---|
unknown_filename | text/plain | 3.8 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Radoslaw Stachowiak | 2002-12-05 19:23:58 | fresh 7.3-1 SRPMS bug |
Previous Message | Bruce Momjian | 2002-12-05 19:19:21 | Re: how to cancel a query ? |
From | Date | Subject | |
---|---|---|---|
Next Message | Bruce Momjian | 2002-12-05 19:36:52 | Re: Hierarchical queries a la Oracle patch. for 7.3rc1. |
Previous Message | Tom Lane | 2002-12-05 14:43:59 | Re: Hierarchical queries a la Oracle patch. for 7.3rc1. |