Обсуждение: [pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and 10 rpms on CentOS 7
[pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and 10 rpms on CentOS 7
От
Jesper St John
Дата:
When installing postgresql-server package, it puts a file in /etc/pam.d/
called postgresql%{majorversion}.
Postgres source says this (src/backend/libpq/auth.c):
#define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM */
That creates the need to create a new file named /etc/pam.d/postgresql
to make pam auth work for me.
I've tested this with both 9.6 and 10 beta on CentOS 7 latest.
Best regards,
Jesper St John
admin@zonezero.se
Suggested patch below:
diff --git a/rpm/redhat/10/postgresql/master/postgresql-10.spec
b/rpm/redhat/10/postgresql/master/postgresql-10.spec
index d6e53b0c..32542462 100644
--- a/rpm/redhat/10/postgresql/master/postgresql-10.spec
+++ b/rpm/redhat/10/postgresql/master/postgresql-10.spec
@@ -781,7 +781,7 @@ install -m 755 %{sname}.init
%{buildroot}%{_initrddir}/%{sname}-%{pgmajorversion
%if %pam
install -d %{buildroot}/etc/pam.d
-install -m 644 %{SOURCE14}
%{buildroot}/etc/pam.d/%{sname}%{pgmajorversion}
+install -m 644 %{SOURCE14} %{buildroot}/etc/pam.d/%{sname}
%endif
# Create the directory for sockets.
@@ -1231,7 +1231,7 @@ fi
%config(noreplace) %{_initrddir}/%{sname}-%{pgmajorversion}
%endif
%if %pam
-%config(noreplace) /etc/pam.d/%{sname}%{pgmajorversion}
+%config(noreplace) /etc/pam.d/%{sname}
%endif
%attr (755,root,root) %dir /etc/sysconfig/pgsql
%{pgbaseinstdir}/bin/initdb
Re: [pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and10 rpms on CentOS 7
От
Devrim Gündüz
Дата:
Hi Jesper,
Seems reasonable. I'll apply this patch early next week.
Regards, Devrim
On Thu, 2017-06-08 at 14:11 +0200, Jesper St John wrote:
> When installing postgresql-server package, it puts a file in /etc/pam.d/
> called postgresql%{majorversion}.
>
> Postgres source says this (src/backend/libpq/auth.c):
> #define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM */
>
> That creates the need to create a new file named /etc/pam.d/postgresql
> to make pam auth work for me.
>
> I've tested this with both 9.6 and 10 beta on CentOS 7 latest.
>
>
> Best regards,
> Jesper St John
> admin@zonezero.se
>
>
>
> Suggested patch below:
>
>
> diff --git a/rpm/redhat/10/postgresql/master/postgresql-10.spec
> b/rpm/redhat/10/postgresql/master/postgresql-10.spec
> index d6e53b0c..32542462 100644
> --- a/rpm/redhat/10/postgresql/master/postgresql-10.spec
> +++ b/rpm/redhat/10/postgresql/master/postgresql-10.spec
> @@ -781,7 +781,7 @@ install -m 755 %{sname}.init
> %{buildroot}%{_initrddir}/%{sname}-%{pgmajorversion
>
> %if %pam
> install -d %{buildroot}/etc/pam.d
> -install -m 644 %{SOURCE14}
> %{buildroot}/etc/pam.d/%{sname}%{pgmajorversion}
> +install -m 644 %{SOURCE14} %{buildroot}/etc/pam.d/%{sname}
> %endif
>
> # Create the directory for sockets.
> @@ -1231,7 +1231,7 @@ fi
> %config(noreplace) %{_initrddir}/%{sname}-%{pgmajorversion}
> %endif
> %if %pam
> -%config(noreplace) /etc/pam.d/%{sname}%{pgmajorversion}
> +%config(noreplace) /etc/pam.d/%{sname}
> %endif
> %attr (755,root,root) %dir /etc/sysconfig/pgsql
> %{pgbaseinstdir}/bin/initdb
>
>
--
Devrim Gündüz
EnterpriseDB: https://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR
Вложения
Re: [pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and10 rpms on CentOS 7
От
Jesper St John
Дата:
That is awesome news. Thanks!
//Jesper
2017-06-09 12:40 skrev Devrim Gündüz:
> Hi Jesper,
>
> Seems reasonable. I'll apply this patch early next week.
>
> Regards, Devrim
>
> On Thu, 2017-06-08 at 14:11 +0200, Jesper St John wrote:
>> When installing postgresql-server package, it puts a file in
>> /etc/pam.d/
>> called postgresql%{majorversion}.
>>
>> Postgres source says this (src/backend/libpq/auth.c):
>> #define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM
>> */
>>
>> That creates the need to create a new file named
>> /etc/pam.d/postgresql
>> to make pam auth work for me.
>>
>> I've tested this with both 9.6 and 10 beta on CentOS 7 latest.
>>
>>
>> Best regards,
>> Jesper St John
>> admin@zonezero.se
>>
>>
>>
>> Suggested patch below:
>>
>>
>> diff --git a/rpm/redhat/10/postgresql/master/postgresql-10.spec
>> b/rpm/redhat/10/postgresql/master/postgresql-10.spec
>> index d6e53b0c..32542462 100644
>> --- a/rpm/redhat/10/postgresql/master/postgresql-10.spec
>> +++ b/rpm/redhat/10/postgresql/master/postgresql-10.spec
>> @@ -781,7 +781,7 @@ install -m 755 %{sname}.init
>> %{buildroot}%{_initrddir}/%{sname}-%{pgmajorversion
>>
>> %if %pam
>> install -d %{buildroot}/etc/pam.d
>> -install -m 644 %{SOURCE14}
>> %{buildroot}/etc/pam.d/%{sname}%{pgmajorversion}
>> +install -m 644 %{SOURCE14} %{buildroot}/etc/pam.d/%{sname}
>> %endif
>>
>> # Create the directory for sockets.
>> @@ -1231,7 +1231,7 @@ fi
>> %config(noreplace) %{_initrddir}/%{sname}-%{pgmajorversion}
>> %endif
>> %if %pam
>> -%config(noreplace) /etc/pam.d/%{sname}%{pgmajorversion}
>> +%config(noreplace) /etc/pam.d/%{sname}
>> %endif
>> %attr (755,root,root) %dir /etc/sysconfig/pgsql
>> %{pgbaseinstdir}/bin/initdb
>>
>>
Re: [pgsql-pkg-yum] Possible bug for pam auth in at least 9.6 and10 rpms on CentOS 7
От
Devrim Gündüz
Дата:
Hi,
On Thu, 2017-06-08 at 14:11 +0200, Jesper St John wrote:
> When installing postgresql-server package, it puts a file in /etc/pam.d/
> called postgresql%{majorversion}.
>
> Postgres source says this (src/backend/libpq/auth.c):
> #define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM */
>
> That creates the need to create a new file named /etc/pam.d/postgresql
> to make pam auth work for me.
>
> I've tested this with both 9.6 and 10 beta on CentOS 7 latest.
Pushed this to 9.5+. Thanks for the patch!
Regards, Devrim
--
Devrim Gündüz
EnterpriseDB: https://www.enterprisedb.com
PostgreSQL Danışmanı/Consultant, Red Hat Certified Engineer
Twitter: @DevrimGunduz , @DevrimGunduzTR