Re: [ADMIN] postgresql 7.4.6 and pam_ldap

Thu, 06 Jan 2005 01:29:16 -0800 

Le  5 janvier 2005 � 22:20, G�mes G�za a �crit :
>
> I would suggest to retry it with a postgres user readable 
> /etc/pam.d/postgresql
> an with a pg_hba.conf without postgres specified on the last field after 
> pam. Also if you want ldap authentication, take care, that in 
> /etc/pam.d/postgresql you don't reference any other non pam_ldap module, 
> and your /etc/ldap.conf is readable by postgres user.

thank you for your help,
That's all i have done :

$ id
uid=26(postgres) gid=26(postgres) groupes=26(postgres)

$ cat /etc/pam.d/postgresql
auth            required        /lib/security//pam_ldap.so

$ cat pg_hba.conf
local   all             postgres                        ident sameuser
local   all             all                             pam
host    all             all     127.0.0.1/32            pam
host    all             all     192.168.10.0/24         pam

$ sed '/^#/d;/^$/d' /etc/ldap.conf 
host 192.168.10.2
base ou=Users,dc=cerma,dc=archi,dc=fr
ssl no
pam_password md5

$ psql -U leduc leduc
Mot de passe : 
psql: FATAL:  PAM authentication �chou�e pour l'utilisateur "leduc"
        => DID NOT WORK !!!

# tail -f /var/log/postgresql 
Jan  6 10:14:06 tage postgres[21450]: [1-1] TRACE:  00000: pam_authenticate a 
�chou� : Conversation error
Jan  6 10:14:06 tage postgres[21450]: [1-2] EMPLACEMENT :  CheckPAMAuth, 
auth.c:712
Jan  6 10:14:06 tage postgres[21450]: [2-1] FATAL:  28000: PAM authentication 
�chou�e pour l'utilisateur "leduc"
Jan  6 10:14:06 tage postgres[21450]: [2-2] EMPLACEMENT :  auth_failed, 
auth.c:395
Jan  6 10:14:06 tage postgres[21450]: [3-1] ERREUR:  08006: Impossible 
d'envoyer les donn�es du client : Relais bris� (pipe)
Jan  6 10:14:06 tage postgres[21450]: [3-2] EMPLACEMENT : internal_flush, 
pqcomm.c:1000
Jan  6 10:14:09 tage postgres[21451]: [1-1] TRACE:  00000: pam_acct_mgmt a 
�chou� : User account has expired
Jan  6 10:14:09 tage postgres[21451]: [1-2] EMPLACEMENT :  CheckPAMAuth, 
auth.c:723
Jan  6 10:14:09 tage postgres[21451]: [2-1] FATAL:  28000: PAM authentication 
�chou�e pour l'utilisateur "leduc"
Jan  6 10:14:09 tage postgres[21451]: [2-2] EMPLACEMENT :  auth_failed, 
auth.c:395 

        => "User account has expired" seems not to be true !

-- 
Thomas LEDUC

CNRS UMR 1563 - Laboratoire CERMA - Ecole d'Architecture de Nantes
Tel: +33 (0) 2 40 59 04 59 --  Fax : +33 (0) 2 40 59 11 77
EAN - Rue Massenet - BP 81931 - 44319 NANTES cedex 3
GPG KeyID: B2342343 Fingerprint: D62CF1A9D4BEDE671602504C46514CC8B2342343


---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Reply via email to