This is the continuation to the discussion that we had in the hacker's list.
Here, I like to add some details in 20.2.6. PAM authentication section.
Can someone review and make changes, if required? Thanks.
*** client-auth.sgml.orig Tue Aug 21 16:52:45 2007
--- client-auth.sgml Tue Aug 21 17:02:52 2007
*** 987,992 ****
--- 987,1001 ----
and the <ulink url="http://www.sun.com/software/solaris/pam/">
<systemitem class="osname">Solaris</> PAM Page</ulink>.
+ The local UNIX user authentication is not permitted,
+ because the postgres server is started by a non-root user.
+ In order to enable this functionality, the root user must provide
+ additional permissions to the postgres user (for reading
Zdenek Kotala wrote:
The problem what Dhanaraj tries to address is how to secure solve
problem with PAM and local user. Other servers (e.g. sshd) allow to
run master under root (with limited privileges) and forked process
under normal user. But postgresql
requires start as non-root user. It limits to used common pattern.
There is important question:
Is current requirement to run postgresql under non-root OK? If yes,
than we must update PAM documentation to explain this situation which
will never works secure. Or if we say No, it is stupid limitation (in
case when UID 0 says nothing about user's privileges) then we must
start discussion about solution.
For now I think we should update the docs. You really can't compare
postgres with sshd - ssh connections are in effect autonomous. I
suspect the changes involved in allowing us to run as root and then
give up privileges safely would be huge, and the gain quite small.
I'd rather see an HBA fallback mechanism, which I suspect might
overcome most of the problems being encountered here.
Solaris RPE, Bangalore, India
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend