Tom Lane wrote:
> Alvaro Herrera <alvherre@commandprompt.com> writes:
> > You can authenticate users with PAM, which amounts more or less to the
> > same thing.
>
> I believe though that using PAM against /etc/shadow would require the
> postmaster to run as root. You need some external authentication
> server; PAM by itself isn't going to solve it. Maybe LDAP or Kerberos?
At least my system seems to provide a setgid helper program that's
supposed to read /etc/shadow, to work around this problem.
BTW I notice that this does not work unless the client supplies the
password the first time around; psql does not retry. It only works if I
do "psql -W".
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support