Re: pam authentication for postgres

Jason Tesser wrote:
>> Please post a comprehensive description of what you're trying to do
>> together with the configuration files you use.
>
> I thought I did that sorry.  I am trying to get Postgres to authenticate through Pam so I can authenticate to Active
> Directory on our network.  All the steps I took are posted below.  If you notice the messages I pasted from my logs
> you will see that winbind is authenticating ok but for some reason Postgres still denies access.

How do you manage to get any pam_winbind messages into that if pam_stack
is the only referenced module in your configuration? The stuff you
quoted below is cut and pasted from the mail I sent to you. I suspect
your actual config files look different.

I suggest you follow the below description "to the point" until you have
pam authentication using the "local unix" passwords (including the group
membership for the postgresql user to read /etc/shadow). That is what
worked for me on first try just by following that example. From that
point on you know that postgres is using pam and you can muck about with
the Active Directory link, because from there everything happens in the
/etc/pam.d/postgresql file only.


Jan

>
> <snip>
>>
>> here is the messages I have is the log from trying to log in
>>
>> Nov 26 08:55:16 localhost postgresql(pam_unix)[22693]: authentication failure; logname= uid=26 euid=26 tty= ruser=
rhost= user=cherring 
>> Nov 26 08:55:16 localhost pam_winbind[22693]: user 'cherring' granted acces
>>
>> as you can see winbind is actually granting access but fro some reason poasgres still denies it.
>> weird.  any ideas.
>>
> <snip> postgresql/linux/pam setup.
>>>
>>> 0) configure postgresql for pam, for example
>>>
>>>       [root ( at ) omega tmp]# grep pam /usr/local/pgsql/data/pg_hba.conf
>>>       host    all         all          137.75.0.0        255.255.0.0       pam
>>>
>>> 1) create a /etc/pam.d/postgresql entry, here's how i did mine
>>>
>>>       [root ( at ) omega tmp]# cp /etc/pam.d/passwd /etc/pam.d/postgresql
>>>
>>>   i don't know if it's the best setup, but it works!  mine looks like this
>>>
>>>       [root ( at ) omega tmp]# cat /etc/pam.d/postgresql
>>>       #%PAM-1.0
>>>       auth       required     /lib/security/pam_stack.so service=system-auth
>>>       account    required     /lib/security/pam_stack.so service=system-auth
>>>       password   required     /lib/security/pam_stack.so service=system-auth
>>
>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
>
>                http://www.postgresql.org/docs/faqs/FAQ.html


--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me.                                  #
#================================================== JanWieck@Yahoo.com #