Re: anyone knows about pam_pgsql ?
От | Peter Pilsl |
---|---|
Тема | Re: anyone knows about pam_pgsql ? |
Дата | |
Msg-id | 20011222002245.K8451@i3.atat.at обсуждение исходный текст |
Ответ на | Re: anyone knows about pam_pgsql ? (David Ford <david@blue-labs.org>) |
Список | pgsql-general |
Here is the corresponding entry from my internal knowledge-base: it includes many information that was valueable for me and also information about different versions I tried and where I downloaded them ... It also includes much thanx to Tommi - I never would have made it without it (if you include parts of my info, please include this thanks) I didnt even know about your howto - if your update it, pleae be sure to mail me and maybe Tommi and the other project can set a link to your page. best, peter ---------- Finally I made userauthentication via a postgresdatabase working. I could not get a pam-module working, but a libnss-module. While I dont know much about this, imho libnss is still a level deeper than pam. So a application can auth via pam and pam is then using nss. A typical pam-entry would look like: account required /lib/security/pam_unix.so and this pam_unix will then use configs defined in nsswitch.conf (see below) at the moment I got it working with samba and cyrus imapd (details see below or seperate entries) but now to work: This all is happening under Mandrake 8.x. The final installation occured on a brand new Mandrake8.1-installation, but I had the same problems with several Mandrake8.0-Machines. I) download the libnss-pgsql-source. There are different version out there: Tommi Mkitalo, who helped me very much with this stuff has versions under http://www.maekitalo.de, that were segfaulting here (maybe due a wrong configured postgres-server). His version seems to be based on version 0.9 of the official sourceforge-sysauth-pgsql-project that can be found under http://sourceforge.net/projects/sysauth-pgsql There I downloaded version libnss-pgsql-1.0.0. All the following applies to this version, but when trying to compile I encountered the same problems on both version. The 1.0.0 has a bit more features. It gives errors when the database is misconfigured and the groups-command is working .. but basically they seem to do exactely the same. II) prerequisites: I dont know which of the following steps are really necessary to compile the libnss_pgsql-module, cause first I tried pam_pgsql and few of these steps were needed to compile pam_pgsql .. I had a full working postgres-installation installed (compiled manually, so it contains all the headers and so on). Unfortunately I had some problems with the libs. Even when I added the postgres-lib-path to /etc/ld.so.config by adding a line '/usr/local/pgsql/lib' and running ldconfig the libs were not linked proper. So I copied the libs from /usr/local/pgsql/lib to /usr/local/lib and it worked. Also there were problems of missing header-files when compiling libss_pgsql. To avoid this, I copied all postgres-headers to the libnss-src (not overwrite config.h !!) and additionally edit the file src/backend.c and changed the line #include <postgresql/libpq-fe.h> to #include <libpq-fe.h> My pam was installed per rpm on install and I had to install the package pam-devel.rpm to get the needed pam-headerfiles. * get, compile, install full postgres 7.1.3 * cp -d /usr/local/pgsql/lib/* /usr/local/lib/* * cp /usr/local/pgsql/include/*.h /usr/src/libnss_pgsql-1.0.0/src/ # !! dont overwrite config.h !!! * vi src/backend.c # change the #include <postgresql/libpq-fe.h> -line * install pam-devel.rpm III) compile ./configure --with-gnu-ld I didnt specify the target-directories in this step, so I had to deal with wrong dirs later .. Maybe using the --prefix=/ option would have been a fine idea .. make Nothing bad should happen here anymore, but you should see the -lpq switch on the commandlines running by. Now you can test, if the file was compiled proper: # ld src/.libs/libnss_pgsql.so ld: warning: cannot find entry symbol _start; not setting start address There should be no more warning/error than this (not PQxxx missing or whatever) make install IV) postrequisites Guess you wont need that if you use the correct prefix-option above. * cp -d /usr/local/lib/libnss_pgsql* /lib/ * touch /etc/nss-pgsql.conf; ln -s /etc/nss-pgsql.conf /usr/local/etc/nss-pgsql.conf V) config I followed the instructions in the conf/-subfolder. There is a very nice demo-database that I modified a bit (removed the subnet and modem-entry and added my own addons). There are three tables: * groups will hold the groups * accounts will hold der user * usergroups will relate the two other tables. You can add user-group-relations here. Just add the UID/GID - combinationhere for each group ----------- -- mag. peter pilsl phone: +43 676 3574035 fax : +43 676 3546512 email: pilsl@goldfisch.at sms : pilsl@max.mail.at pgp-key available
В списке pgsql-general по дате отправления: