Обсуждение: [pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and 10 rpms on CentOS 7
[pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and 10 rpms on CentOS 7
От
Jesper St John
Дата:
When installing postgresql-server package, it puts a file in /etc/pam.d/ called postgresql%{majorversion}. Postgres source says this (src/backend/libpq/auth.c): #define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM */ That creates the need to create a new file named /etc/pam.d/postgresql to make pam auth work for me. I've tested this with both 9.6 and 10 beta on CentOS 7 latest. Best regards, Jesper St John admin@zonezero.se Suggested patch below: diff --git a/rpm/redhat/10/postgresql/master/postgresql-10.spec b/rpm/redhat/10/postgresql/master/postgresql-10.spec index d6e53b0c..32542462 100644 --- a/rpm/redhat/10/postgresql/master/postgresql-10.spec +++ b/rpm/redhat/10/postgresql/master/postgresql-10.spec @@ -781,7 +781,7 @@ install -m 755 %{sname}.init %{buildroot}%{_initrddir}/%{sname}-%{pgmajorversion %if %pam install -d %{buildroot}/etc/pam.d -install -m 644 %{SOURCE14} %{buildroot}/etc/pam.d/%{sname}%{pgmajorversion} +install -m 644 %{SOURCE14} %{buildroot}/etc/pam.d/%{sname} %endif # Create the directory for sockets. @@ -1231,7 +1231,7 @@ fi %config(noreplace) %{_initrddir}/%{sname}-%{pgmajorversion} %endif %if %pam -%config(noreplace) /etc/pam.d/%{sname}%{pgmajorversion} +%config(noreplace) /etc/pam.d/%{sname} %endif %attr (755,root,root) %dir /etc/sysconfig/pgsql %{pgbaseinstdir}/bin/initdb
Re: [pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and10 rpms on CentOS 7
От
Devrim Gündüz
Дата:
Hi Jesper, Seems reasonable. I'll apply this patch early next week. Regards, Devrim On Thu, 2017-06-08 at 14:11 +0200, Jesper St John wrote: > When installing postgresql-server package, it puts a file in /etc/pam.d/ > called postgresql%{majorversion}. > > Postgres source says this (src/backend/libpq/auth.c): > #define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM */ > > That creates the need to create a new file named /etc/pam.d/postgresql > to make pam auth work for me. > > I've tested this with both 9.6 and 10 beta on CentOS 7 latest. > > > Best regards, > Jesper St John > admin@zonezero.se > > > > Suggested patch below: > > > diff --git a/rpm/redhat/10/postgresql/master/postgresql-10.spec > b/rpm/redhat/10/postgresql/master/postgresql-10.spec > index d6e53b0c..32542462 100644 > --- a/rpm/redhat/10/postgresql/master/postgresql-10.spec > +++ b/rpm/redhat/10/postgresql/master/postgresql-10.spec > @@ -781,7 +781,7 @@ install -m 755 %{sname}.init > %{buildroot}%{_initrddir}/%{sname}-%{pgmajorversion > > %if %pam > install -d %{buildroot}/etc/pam.d > -install -m 644 %{SOURCE14} > %{buildroot}/etc/pam.d/%{sname}%{pgmajorversion} > +install -m 644 %{SOURCE14} %{buildroot}/etc/pam.d/%{sname} > %endif > > # Create the directory for sockets. > @@ -1231,7 +1231,7 @@ fi > %config(noreplace) %{_initrddir}/%{sname}-%{pgmajorversion} > %endif > %if %pam > -%config(noreplace) /etc/pam.d/%{sname}%{pgmajorversion} > +%config(noreplace) /etc/pam.d/%{sname} > %endif > %attr (755,root,root) %dir /etc/sysconfig/pgsql > %{pgbaseinstdir}/bin/initdb > > -- Devrim Gündüz EnterpriseDB: https://www.enterprisedb.com PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR
Вложения
Re: [pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and10 rpms on CentOS 7
От
Jesper St John
Дата:
That is awesome news. Thanks! //Jesper 2017-06-09 12:40 skrev Devrim Gündüz: > Hi Jesper, > > Seems reasonable. I'll apply this patch early next week. > > Regards, Devrim > > On Thu, 2017-06-08 at 14:11 +0200, Jesper St John wrote: >> When installing postgresql-server package, it puts a file in >> /etc/pam.d/ >> called postgresql%{majorversion}. >> >> Postgres source says this (src/backend/libpq/auth.c): >> #define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM >> */ >> >> That creates the need to create a new file named >> /etc/pam.d/postgresql >> to make pam auth work for me. >> >> I've tested this with both 9.6 and 10 beta on CentOS 7 latest. >> >> >> Best regards, >> Jesper St John >> admin@zonezero.se >> >> >> >> Suggested patch below: >> >> >> diff --git a/rpm/redhat/10/postgresql/master/postgresql-10.spec >> b/rpm/redhat/10/postgresql/master/postgresql-10.spec >> index d6e53b0c..32542462 100644 >> --- a/rpm/redhat/10/postgresql/master/postgresql-10.spec >> +++ b/rpm/redhat/10/postgresql/master/postgresql-10.spec >> @@ -781,7 +781,7 @@ install -m 755 %{sname}.init >> %{buildroot}%{_initrddir}/%{sname}-%{pgmajorversion >> >> %if %pam >> install -d %{buildroot}/etc/pam.d >> -install -m 644 %{SOURCE14} >> %{buildroot}/etc/pam.d/%{sname}%{pgmajorversion} >> +install -m 644 %{SOURCE14} %{buildroot}/etc/pam.d/%{sname} >> %endif >> >> # Create the directory for sockets. >> @@ -1231,7 +1231,7 @@ fi >> %config(noreplace) %{_initrddir}/%{sname}-%{pgmajorversion} >> %endif >> %if %pam >> -%config(noreplace) /etc/pam.d/%{sname}%{pgmajorversion} >> +%config(noreplace) /etc/pam.d/%{sname} >> %endif >> %attr (755,root,root) %dir /etc/sysconfig/pgsql >> %{pgbaseinstdir}/bin/initdb >> >>
Re: [pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and10 rpms on CentOS 7
От
Devrim Gündüz
Дата:
Hi, On Thu, 2017-06-08 at 14:11 +0200, Jesper St John wrote: > When installing postgresql-server package, it puts a file in /etc/pam.d/ > called postgresql%{majorversion}. > > Postgres source says this (src/backend/libpq/auth.c): > #define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM */ > > That creates the need to create a new file named /etc/pam.d/postgresql > to make pam auth work for me. > > I've tested this with both 9.6 and 10 beta on CentOS 7 latest. Pushed this to 9.5+. Thanks for the patch! Regards, Devrim -- Devrim Gündüz EnterpriseDB: https://www.enterprisedb.com PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR