There was a PAM thread back in early December where we discussed this. I posted a bunch of PAM testing combinations that did/didn't work. One of which was trying to use system accounts through "system-auth" which is really pam_unix.so. This method would not work for me in 7.3.1 no matter what I tried. I also never found a solution.
Google has the full thread here
http://groups.google.ca/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=asqqr7%242mqo%241%40news.hub.org&rnum=1&prev=/groups%3Fq%3DPostgresql%2BPAM%2BTim%2BFrank%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dasqqr7%25242mqo%25241%2540news.hub.org%26rnum%3D1
I had a look through some of the authentication source as well, but I didn't know enough about it to figure out what the problem might be specifically with pam_unix.so.
Probably not what you wanted to hear, but you aren't the only one.
Tim
Brett Northcott wrote:
ok - fairly new to postgresql & tring to set up tcp/ip access using pam authentication using gentoo_linux 1.4_rc2 postgresql-7.3.1my pg_hba.conf file has the entries # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD local all all trust host all all 127.0.0.1 255.255.255.255 trust host all all 192.168.1.1 255.255.255.0 pam postgresql my /etc/pam.d/postgresql file has the entries #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth when i try to connect (locally).... # psql test -U brett Password: (password entered - i know it is correct) psql: FATAL: PAM authentication failed for user "brett" i get the following entries in /var/log/auth.log - and a Jan 31 16:31:47 achilles unix_chkpwd[25987]: check pass; user unknown Jan 31 16:31:47 achilles postgresql(pam_unix)[25986]: authentication failure; logname= uid=70 euid=70 tty= ruser= rhost= user=brett 'brett' has a system level account. i can connect as user 'brett' if pg_hba.conf is set to 'trust', but never when pam is involved... any ideas? i've been mucking around with this for a couple of days & not getting very far regards, brett ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
