Re: [ADMIN] postgresql 7.4.6 and pam_ldap

Wed, 05 Jan 2005 17:05:13 -0800 

Thomas Leduc �rta:

Hi,
I know that i'm not the 1st one who want's to use pam_ldap to
authenticate users (55 posts with keywords ldap and pam...). But it
also didn't work for me. Please, what's wrong with the following:

% pg_config --configure
'--host=i386-redhat-linux' '--build=i386-redhat-linux'
[...]
'--with-openssl' '--with-pam' '--with-krb5=/usr' '--enable-nls'
[...]

% cat <<EOF > pg_hba.conf
local   all             postgres                        ident sameuser
local   all             all                             pam postgresql
host    all             all     127.0.0.1/32            pam postgresql
host    all             all     192.168.10.0/24         pam postgresql
EOF

% cat <<EOF > /etc/pam.d/postgresql--tage
auth       required     pam_stack.so service=system-auth
EOF

% pg_ctl reload
% createuser --adduser --createdb leduc
% createdb --owner=leduc --echo leduc

% id postgres
uid=26(postgres) gid=26(postgres) groupes=26(postgres)
$ psql --quiet leduc
leduc=# SELECT 1+1;
...                     IT WORKS !!!

% id
uid=252(leduc) gid=100(users) groupes=100(users)
% psql
Mot de passe : psql: FATAL: PAM authentication �chou�e pour l'utilisateur "leduc"
... IT DOESN'T WORK !!!
% tail -f /var/log/messages
Jan 5 17:41:17 tage postgresql(pam_unix)[12625]: auth could not identify password for [leduc]
Jan 5 17:41:21 tage postgresql(pam_unix)[12627]: authentication failure; logname= uid=26 euid=26 tty= ruser= rhost= user=leduc

% psql -U leduc -W
Mot de passe : psql: FATAL: PAM authentication �chou�e pour l'utilisateur "leduc"
... IT DOESN'T WORK !!!
% tail -f /var/log/messages
Jan 5 17:42:11 tage postgresql(pam_unix)[12635]: authentication failure; logname= uid=26 euid=26 tty= ruser= rhost= user=leduc



I would suggest to retry it with a postgres user readable /etc/pam.d/postgresql
an with a pg_hba.conf without postgres specified on the last field after pam. Also if you want ldap authentication, take care, that in /etc/pam.d/postgresql you don't reference any other non pam_ldap module, and your /etc/ldap.conf is readable by postgres user.

Good Luck!

Geza

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
     subscribe-nomail command to [EMAIL PROTECTED] so that your
     message can get through to the mailing list cleanly

Reply via email to