Обсуждение: Problem with PAM/LDAP auth
I am trying to set up PAM-auth for a small testing system but I am stuck with a strange problem.
The system authenticates OK (both login and ssh can authenticate using the LDAP accounts) but trying to login to the same account to postgresql fails. I have setup a login role with the same name and authenticating against postgresql as that user works. my pg_hba.conf looks like this:
local all postgres ident sameuser
local all all ident sameuser
host all all 127.0.0.1/32 md5
host ip_cis nagios xx.116.13.224/27 md5
host ip_cis all xx.116.13.224/27 pam
I try to connect as:
psql -h cis.ipxxx.at -U tkircht -d ip_cis
My log (debug level 5) comes up with those lines even before I entered a password:
2009-07-08 21:28:06 CEST LOG: 00000: connection received: host=xx.116.13.253 port=47092
2009-07-08 21:28:06 CEST LOCATION: BackendInitialize, postmaster.c:3027
2009-07-08 21:28:06 CEST LOG: 00000: pam_authenticate failed: Permission denied
2009-07-08 21:28:06 CEST LOCATION: CheckPAMAuth, auth.c:1345
2009-07-08 21:28:06 CEST FATAL: 28000: PAM authentication failed for user "tkircht"
2009-07-08 21:28:06 CEST LOCATION: auth_failed, auth.c:1003
my pam stack looks (after many other attempts) like this:
auth sufficient pam_ldap.so
This suggests some problems accessing some pam-related file but I cannot imagine which one?
The server runs on Debian 5 by the way.
Any pointers would be highly appreciated - the PostgreSQL documentation is pretty thin on this..
Thanks!
Thomas
The system authenticates OK (both login and ssh can authenticate using the LDAP accounts) but trying to login to the same account to postgresql fails. I have setup a login role with the same name and authenticating against postgresql as that user works. my pg_hba.conf looks like this:
local all postgres ident sameuser
local all all ident sameuser
host all all 127.0.0.1/32 md5
host ip_cis nagios xx.116.13.224/27 md5
host ip_cis all xx.116.13.224/27 pam
I try to connect as:
psql -h cis.ipxxx.at -U tkircht -d ip_cis
My log (debug level 5) comes up with those lines even before I entered a password:
2009-07-08 21:28:06 CEST LOG: 00000: connection received: host=xx.116.13.253 port=47092
2009-07-08 21:28:06 CEST LOCATION: BackendInitialize, postmaster.c:3027
2009-07-08 21:28:06 CEST LOG: 00000: pam_authenticate failed: Permission denied
2009-07-08 21:28:06 CEST LOCATION: CheckPAMAuth, auth.c:1345
2009-07-08 21:28:06 CEST FATAL: 28000: PAM authentication failed for user "tkircht"
2009-07-08 21:28:06 CEST LOCATION: auth_failed, auth.c:1003
my pam stack looks (after many other attempts) like this:
auth sufficient pam_ldap.so
This suggests some problems accessing some pam-related file but I cannot imagine which one?
The server runs on Debian 5 by the way.
Any pointers would be highly appreciated - the PostgreSQL documentation is pretty thin on this..
Thanks!
Thomas