Dhanaraj M wrote:
Hi all,

http://archives.postgresql.org/pgsql-admin/2003-02/msg00301.php

I also try to address the same issue..

I run postmaster as postgres user and pg_hba.conf includes the following entry:

local   all         dhanaraj                              pam

However, the authentication fails for this unix local user, whereas it works for LDAP users.

bash-3.00$ psql -h superdesktop.india.sun.com -U dhanaraj mydb
Password for user dhanaraj:
psql: FATAL: PAM authentication failed for user "dhanaraj"

The following error message that I could see in the server log:
......................
LOG: pam_authenticate failed: Conversation failure
FATAL: PAM authentication failed for user "dhanaraj"
LOG: pam_authenticate failed: No account present for user
FATAL: PAM authentication failed for user "dhanaraj"


The non-root user does not have the permission to read other unix local user password.
I found two solutions:

1. usermod -K defaultpriv=Basic,file_dac_read  postgres

- Gives privilege to read all files. This solution works. Is it the right way to do?

2. chmod +s processName

 - This does not work, because postgres never allows this.


Is there anyother solution to this problem?

Usage questions really don't belong on -hackers - in future please use -general. Both your proposed solutions are utterly insecure.

See http://itc.musc.edu/wiki/PostgreSQL for some discussion of using PAM for postgres auth.

cheers

andrew






---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to