Re: PAM - Mailing list pgsql-admin
| From | Tim Frank |
|---|---|
| Subject | Re: PAM |
| Date | |
| Msg-id | asnm6r$icm$1@news.hub.org Whole thread Raw |
| In response to | PAM (EMOTO Masahiko <emo@nifs.ac.jp>) |
| Responses |
Re: PAM
|
| List | pgsql-admin |
I was testing this on a 7.3 beta the other week to try to make it work with LDAP authentication, and I think I only got it working if I bypased the system-auth PAM file that everything was normally funneled through. I don't know exactly why it wasn't working, but whenever I put a line that used pam_unix.so it would fail with the same error you are encountering. I didn't invest a huge amount of time figuring out why pam_unix.so was causing a problem because I wanted to use pam_ldap.so anyways. There doesn't seem to be many examples out there that I could find that I got to work. FYI I am testing on RedHat 7.x and 8.0 machines. Tim EMOTO Masahiko wrote: > Does anyone show me a sample of PAM authenticate file? > > I want to use pam for client authentication, and I create pg_hba.cnf as, > > >>host all all 127.0.0.1 255.255.255.255 trust >>host all all 192.168.0.0 255.255.0.0 pam postgresql > > > and /etc/pam.d/postgresql as > >>auth required /lib/security/pam_stack.so service=system-auth >>account required /lib/security/pam_stack.so service=system-auth > > > I tried to connect to the server, but failed. The messages I received were follows; > > >>[CLIENT] >>% psql -h dgpc1 db1 -U emo >>Password: >>psql: FATAL: PAM authentication failed for user "emo" >> >>[SERVER] >>DEBUG: reaping dead processes >>DEBUG: child process (pid 15642) exited with exit code 0 >>DEBUG: BackendStartup: forked pid=15643 socket=8 >>DEBUG: received PAM packet >>LOG: CheckPAMAuth: pam_authenticate failed: 'Authentication failure' >>FATAL: PAM authentication failed for user "emo" >>DEBUG: proc_exit(0) >>DEBUG: shmem_exit(0) >>DEBUG: exit(0) >>DEBUG: reaping dead processes > > > The user account exists in the database, and I typed the system password. > > > Environment: > OS : Linux Kernel 2.4.19 > PostgreSQL 7.3 > > > By the way, what really I want to do is to configure the server behave like FTP servers; > All the users except the guest (anonymous) requires the password authentication. > The guest user can only read the data, and cannot alter the data. > Are there any solutions to do this? > > > --- EMOTO Masahiko --- > > ---------------------------(end of broadcast)--------------------------- > TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
pgsql-admin by date: