Bug#432701: Some inconsistencies in pam configuration...

2012-04-16 Thread Marco Gaiarin
Hello, Christoph Berg!
  On that day it was said...

> The solution here might be to ship /etc/pam.d/postgresql in
> postgresql-common. Otoh, there is an "other" file that should take
> care of "pam" entries in pg_hba.conf. pam auth works here without the
> extra file, but it might make sense to provide it anyway. I'll do some
> research and report back here.

Oh, I'd forgotten about this bug, really.

I'm now on lenny, switching to squeeze, and it seems to me that
/etc/pam.d/postgresql is no longer needed.

But probably because I've found that it is true that pam_unix is ''nss
enabled'', but some things (e.g., password expiration) do not work, so
I've switched to using pam_ldap in every context.

Really, now I use 'pam-auth-update' on squeeze.


For me, you can safely close this issue. Sorry, I completely forgot
about it. ;(






Bug#432701: Some inconsistencies in pam configuration...

2012-04-16 Thread Christoph Berg
reassign 432701 postgresql-common
retitle 432701 postgresql-common should provide /etc/pam.d/postgresql
thanks

Re: Marco Gaiarin 2007-07-11 <2007070306.gx6...@sv.lnf.it>
> Package: postgresql-8.1
> Version: 8.1.8-1
> 
> I've configured a server as a Samba primary domain controller, using
> LDAP as the backend. Pure etch.
> 
> I've set up nss and pam using the Debian wiki:
> 
>   http://wiki.debian.org/NSSLDAPSetup
> 
> In short: the pam_unix module in Debian is nss-enabled, so normally there's
> no need to set up PAM, but only nss.
> 
> But for postgres I was forced to write an /etc/pam.d/postgresql
> containing:
> 
>   auth    required  pam_ldap.so
>   account required  pam_ldap.so
> 
> In particular the 'account' stanza is required, and this is not needed
> for any other service (ssh, dovecot, ...) on the same server.

The other services already ship a working pam.d file, so the problem
here seems to be that postgresql doesn't do that.

The solution here might be to ship /etc/pam.d/postgresql in
postgresql-common. Otoh, there is an "other" file that should take
care of "pam" entries in pg_hba.conf. pam auth works here without the
extra file, but it might make sense to provide it anyway. I'll do some
research and report back here.

> It seems that postgres uses pam in a rather different way from other
> services; I don't know if this stems from postgres not running
> as root, and I don't know if this is curable.
> 
> But I think at least a row in README.Debian can be added.

Christoph
-- 
c...@df7cb.de | http://www.df7cb.de/
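
The fallback discussed in this reply (a service without its own /etc/pam.d file is served by the "other" file) can be checked on a host with the following added example, which is not part of the original thread or of postgresql-common. The function names `load_stack` and `audit` are hypothetical; the check covers the `auth` and `account` types because those are the two stanzas in the reported file, and it ignores backslash line continuations.

```python
import os

CHECKED = ("auth", "account")  # the two stanza types from the bug report

def load_stack(service, pam_dir, depth=0):
    """Return (path_used, {type: [(control, module), ...]}) for a service."""
    path = os.path.join(pam_dir, service)
    if not os.path.isfile(path) and depth == 0:
        path = os.path.join(pam_dir, "other")  # fallback when no service file
    stack = {}
    if depth > 8 or not os.path.isfile(path):  # missing file or include loop
        return path, stack
    with open(path) as fh:
        for raw in fh:
            parts = raw.split("#", 1)[0].strip().split(None, 1)
            if len(parts) < 2:
                continue
            head, rest = parts
            if head == "@include":  # Debian-style whole-file include
                sub = load_stack(rest.split()[0], pam_dir, depth + 1)[1]
                for mtype, rules in sub.items():
                    stack.setdefault(mtype, []).extend(rules)
                continue
            mtype = head.lstrip("-")
            if rest.startswith("["):  # bracketed control, may contain spaces
                control, _, rest = rest.partition("]")
                control += "]"
            else:
                control, *tail = rest.split(None, 1)
                rest = tail[0] if tail else ""
            args = rest.split()
            if not args:
                continue
            if control in ("include", "substack"):  # per-type include
                sub = load_stack(args[0], pam_dir, depth + 1)[1]
                stack.setdefault(mtype, []).extend(sub.get(mtype, []))
            else:
                stack.setdefault(mtype, []).append((control, args[0]))
    return path, stack

def audit(service, pam_dir="/etc/pam.d"):
    """Report which file serves the service and which checked types are empty."""
    path, stack = load_stack(service, pam_dir)
    used = os.path.basename(path)
    return {"file": used, "fallback": used != service,
            "missing": [t for t in CHECKED if not stack.get(t)]}

if __name__ == "__main__":
    print(audit("postgresql"))
```
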




Bug#432701: Some inconsistencies in pam configuration...

2007-07-11 Thread Marco Gaiarin
Package: postgresql-8.1
Version: 8.1.8-1

I've configured a server as a Samba primary domain controller, using
LDAP as the backend. Pure etch.

I've set up nss and pam using the Debian wiki:

http://wiki.debian.org/NSSLDAPSetup

In short: the pam_unix module in Debian is nss-enabled, so normally there's
no need to set up PAM, but only nss.

But for postgres I was forced to write an /etc/pam.d/postgresql
containing:

auth    required  pam_ldap.so
account required  pam_ldap.so

In particular the 'account' stanza is required, and this is not needed
for any other service (ssh, dovecot, ...) on the same server.

It seems that postgres uses pam in a rather different way from other
services; I don't know if this stems from postgres not running
as root, and I don't know if this is curable.

But I think at least a row in README.Debian can be added.


Thanks.

-- 
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''  http://www.sv.lnf.it/
  Polo FVG  -  Via della Bontà, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)sv.lnf.it  tel +39-0434-842711  fax +39-0434-842797