Discussion: How to setup PostgreSQL to work with libpam-pgsql/libnss-pgsql2?
Hello,

I am new to Linux and setup 6 Computers with Debian:

1) 2 Workstations
2) 2 Intranet Servers
3) PostgreSQL Server
4) Router

The two Intranet Servers are now working with NFSv4/TCP, Apache2 with suphp and php5, courier-imap/mta/mlm

My Router is working too and uses IPT, bind9 and apache2 with mod_proxy forwarding traffic to the two Intranet Servers.

Also the Workstations are working fine.

Now I like to switch with the authentication to libpam-pgsql/libnss-pgsql2 but I hit a problem with the PostgreSQL, because it refuses any connections from the network.

I have setup in the postgresql.conf

    listen_addresses = '192.168.0.3'

and in the pg_hba.conf

    local all postgres ident sameuser
    host system root 192.168.0.0/24 md5

now restarted postgresql and "system" with the psql commandline tool. Then imported the SQL Scheme from libpam-pgsql.

OK, now on a workstation I installed libpam-pgsql and libnss-pgsql2, left a terminal open to revert the PAM/NSS files if something goes wrong and setup the files

    /etc/pam.d/common-account
    /etc/pam.d/common-auth
    /etc/pam.d/common-password

to use the PostgreSQL database and now I was XXXX! nothing is working anymore. I can not even connect to the PostgreSQL server.

Can someone tell me please, how to setup PostgreSQL so I can use it with libpam-pgsql and libnss-pgsql2?

Thanks
PCMOS

OK, now I can connect to the PostgreSQL Server but it is weird...

> -----Original Message-----
> and in the pg_hba.conf
> local all postgres ident sameuser
> host system root 192.168.0.0/24 md5

I can not use "root" as the owner of the database...

Now I have created a user named "system" and changed from "root" to "system" and it is now working.

Can someone tell me the command line, how to restrict the access to DB "system" to user "system" only?

Thanks

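Added example, not part of the original thread: a small Python check of which connections a pg_hba.conf like the one quoted above admits, using PostgreSQL's first-matching-record rule. The sample file is constructed from the thread's two lines with "root" swapped for "system"; `parse_hba` and `first_match` are hypothetical helper names and cover only `local` and `host` records with CIDR addresses.

```python
import ipaddress

# Constructed sample: the two pg_hba.conf lines quoted in the thread, with
# "root" replaced by the "system" role the poster later created.
PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   ident sameuser
host    system    system    192.168.0.0/24   md5
"""

def parse_hba(text):
    """Parse 'local' and 'host' records with CIDR addresses (a subset of the format)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":          # Unix socket: no address column
            kind, db, user, method = fields[:4]
            net = None
        else:                             # host: TCP/IP with a CIDR address
            kind, db, user, cidr, method = fields[:5]
            net = ipaddress.ip_network(cidr)
        rules.append((kind, db.split(","), user.split(","), net, method))
    return rules

def first_match(rules, db, user, addr=None):
    """Return the auth method of the first matching record, or None if the
    connection is rejected. addr=None means a local Unix-socket connection."""
    for kind, dbs, users, net, method in rules:
        if addr is None and kind != "local":
            continue
        if addr is not None and (kind != "host" or ipaddress.ip_address(addr) not in net):
            continue
        if "all" not in dbs and db not in dbs:
            continue
        if "all" not in users and user not in users:
            continue
        return method                     # first match wins, no fall-through
    return None

RULES = parse_hba(PG_HBA)

if __name__ == "__main__":
    for db, user, addr in [("system", "system", "192.168.0.10"),
                           ("system", "root", "192.168.0.10"),
                           ("postgres", "system", "192.168.0.10"),
                           ("system", "system", "10.0.0.5"),
                           ("system", "postgres", None)]:
        print(db, user, addr or "unix-socket", "->", first_match(RULES, db, user, addr))
```

pg_hba.conf only decides who may attempt to authenticate; inside the server, `REVOKE CONNECT ON DATABASE system FROM PUBLIC;` followed by `GRANT CONNECT ON DATABASE system TO system;` applies the same restriction at the privilege level.
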
On 25/08/2010 3:02 AM, PMC OS wrote:

> I am new to Linux

[snip]

> Now I like to switch with the authentication to libpam-pgsql/libnss-pgsql2

Honestly, in most cases you'll be much better off managing authentication with LDAP. It's a better design for the nature of authentication and user data management, where it has to handle lots of small read queries and only very rare writes. It also has better replication.

Even if you're not using Samba, the smbldap-tools provide handy commands to manage users in the LDAP directory, and the Debian ldap-auth-client package provides a convenient way to configure a client to authenticate against the directory.

Initial setup takes a little learning, but is well worth it.

If you later find that you need to store user data in a relational database for some reason, you can even configure slapd to use the database as a backend, so you're using PostgreSQL behind the scenes but your clients still talk LDAP. I've never found the need, though; I run the network at the business I'm sysadmin at with pure LDAP authentication (slapd, Berkeley DB backend) quite happily.

> to use the PostgreSQL database and now I was XXXX! nothing is working anymore. I can not even connect to the PostgreSQL server.

Even via "psql -h 192.168.0.3" ?

Can you ping it?

If you run "ps aux | grep postgres" on the server, are there any postgresql processes running?

If you run "psql" on the server, can it connect? If not, what's the error message?

If you look at /var/log/postgresql on the server, what are the last few lines in the logs?

--
Craig Ringer

Good morning,

> -----Original Message-----
> From: Craig Ringer
> Honestly, in most cases you'll be much better off managing
> authentication with LDAP. It's a better design for the nature of
> authentication and user data management, where it has to handle lots
> of small read queries and only very rare writes. It also has better
> replication.

We are only 20 persons in total and do not have the need to handle several 100 or 1000 requests in a short time.

Also since we do much more with the database we need it anyway and LDAP would get its data from PostgreSQL... because I do not like to maintain two systems at once which can do the same job.

Have now installed slapd on my OMAP L138 but now it has crashed the kernel and I can not boot the server any more because it wants to init slapd and crashes.

> Even if you're not using Samba, the smbldap-tools provide handy
> commands to manage users in the LDAP directory,

How does this manage the user accounts and their homes? It does not seem to create $HOME and copy the files from /etc/skel which I have already prepared...

> and the debian ldap-auth-client
> package provides a convenient way to configure a client to
> authenticate against the directory.

I have not found this package

    apt-cache show ldap-auth-client
    W: Kann Paket ldap-auth-client nicht finden
    E: Keine Pakete gefunden

> Even via "psql -h 192.168.0.3" ?

Now it works... (see other mail)

I was not able to connect as "root" and had to create another user "system" and now I can connect.

Have a nice day

On 25/08/10 14:18, PMC OS wrote:

> Good morning,
>
>> -----Original Message-----
>> From: Craig Ringer
>> Honestly, in most cases you'll be much better off managing
>> authentication with LDAP. It's a better design for the nature of
>> authentication and user data management, where it has to handle lots
>> of small read queries and only very rare writes. It also has better
>> replication.
>
> We are only 20 persons in total and do not have the need to handle several 100 or 1000 requests in a short time
>
> Also since we do much more with the database we need it anyway and LDAP would get its data from PostgreSQL... because I do not like to maintain two systems at once which can do the same job.

Well, fair enough then. Personally with that many people I'd certainly want to use LDAP (for lower response latencies if nothing else), but each to their own.

You'll probably want to use nscd on the client machine(s) to take some of the load off Pg.

> Have now installed slapd on my OMAP L138 but now it has crashed the kernel and I can not boot the server any more because it wants to init slapd and crashes.

That's ... surprising.

Kernel panic? Or is it just that slapd is crashing?

> How does this manage the user accounts and their homes?
> It does not seem to create $HOME and copy the files from /etc/skel which I have already prepared...

Most likely the same way you'll be doing it with pam auth against postgresql: pam_mkhomedir. It has a decent man page.

> I have not found this package
>
> apt-cache show ldap-auth-client
> W: Kann Paket ldap-auth-client nicht finden
> E: Keine Pakete gefunden

My bad. Looks like it's an Ubuntu extension, just a metapackage that pulls in libnss-ldap and libpam-ldap and provides a bit of config support for them.

--
Craig Ringer
Tech-related writing: http://soapyfrogs.blogspot.com/

Good evening,

> -----Original Message-----
> From: Craig Ringer
>
> > Have now installed slapd on my OMAP L138 but now it has crashed the
> > kernel and I can not boot the server any more because it wants to init
> > slapd and crashes.
> That's ... surprising.
> Kernel panic? Or is it just that slapd is crashing?

First PostgreSQL is started and then it tries to start slapd and the whole system panics. I have the problem with several programs which want run on ARMEL architecture even if they are compiled for it.

I use the Debian standard distribution Lenny and Squeeze but I am ongoing to recompile the whole system for EmDebian if my Shiva-Plug

> > apt-cache show ldap-auth-client
> > W: Kann Paket ldap-auth-client nicht finden
> > E: Keine Pakete gefunden
> My bad. Looks like it's an Ubuntu extension, just a metapackage that
> pulls in libnss-ldap and libpam-ldap and provides a bit of config
> support for them.

:-/

Greetings