Your message dated Sun, 4 Sep 2016 19:07:23 +0200
with message-id <[email protected]>
and subject line Re: Bug#692480: pam-auth-config, lib(pam|nss)-ldapd broke
again 'pam' authentication in postgres.
has caused the Debian Bug report #692480,
regarding pam-auth-config, lib(pam|nss)-ldapd broke again 'pam' authentication
in postgres.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
692480: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692480
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postgresql-common
Version: 113+squeeze1
An old issue come back, see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217891
I've just migrated from lenny to squeeze (better later then ever... ;),
and so moved from lib(pam|nss)-ldap and custom /etc/pam.d/common-*
files to lib(pam|nss)-ldapd, nslcd and pam-auth-update.
After doing that, pam, auth does not work anymore in postgres, i got:
Nov 5 09:00:00 dixie unix_chkpwd[28119]: check pass; user unknown
Nov 5 09:00:00 dixie unix_chkpwd[28119]: password check failed for
user (aleggi)
Nov 5 09:00:00 dixie .5.2.219(1308) authentication:
pam_unix(postgresql:auth): authentication failure; logname= uid=110 euid=110
tty= ruser= rhost= user=aleggi
Nov 5 09:00:00 dixie unix_chkpwd[28120]: could not obtain user info
(aleggi)
After fiddling a bit, i've created /etc/pam.d/postgresql with inside:
auth required pam_ldap.so minimum_uid=1000
account required pam_ldap.so minimum_uid=1000
password required pam_deny.so
session required pam_permit.so
I don't need/use /etc/(passwd|shadow) auth, so i've used only ldap, and
i've disabled session because i don't need session management in
postgres, and because the culprit seems to come from here.
Feel free to ask more feedback, it was a production server and so... i
need a quick fix. ;)
Thanks.
--- End Message ---
--- Begin Message ---
Re: Marco Gaiarin 2012-11-06 <[email protected]>
> Package: postgresql-common
> Version: 113+squeeze1
>
> An old issue come back, see:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217891
>
>
> I've just migrated from lenny to squeeze (better later then ever... ;),
> and so moved from lib(pam|nss)-ldap and custom /etc/pam.d/common-*
> files to lib(pam|nss)-ldapd, nslcd and pam-auth-update.
>
> After doing that, pam, auth does not work anymore in postgres, i got:
>
> Nov 5 09:00:00 dixie unix_chkpwd[28119]: check pass; user unknown
> Nov 5 09:00:00 dixie unix_chkpwd[28119]: password check failed for
> user (aleggi)
> Nov 5 09:00:00 dixie .5.2.219(1308) authentication:
> pam_unix(postgresql:auth): authentication failure; logname= uid=110 euid=110
> tty= ruser= rhost= user=aleggi
> Nov 5 09:00:00 dixie unix_chkpwd[28120]: could not obtain user info
> (aleggi)
>
> After fiddling a bit, i've created /etc/pam.d/postgresql with inside:
>
> auth required pam_ldap.so minimum_uid=1000
> account required pam_ldap.so minimum_uid=1000
> password required pam_deny.so
> session required pam_permit.so
>
> I don't need/use /etc/(passwd|shadow) auth, so i've used only ldap, and
> i've disabled session because i don't need session management in
> postgres, and because the culprit seems to come from here.
>
>
> Feel free to ask more feedback, it was a production server and so... i
> need a quick fix. ;)
Hi Marco,
looking at that after a long time, I can't really say what the bug was
back then. I'd think the pam handling around pam_ldap changed in some
way and the config needed some adjustments, likely independently if
PostgreSQL was using pam or other services.
As "pam" authentication works generally, I'm closing this bug now.
Christoph
signature.asc
Description: PGP signature
--- End Message ---
_______________________________________________
Pkg-postgresql-public mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-postgresql-public
