authentication question

Поиск

Список

Период

Сортировка

От	Craig White
Тема	authentication question
Дата	9 ноября 2006 г. 02:54:34
Msg-id	1163042728.14079.22.camel@lin-workstation.azapple.com обсуждение исходный текст
Ответы	Re: authentication question
Список	pgsql-general

Дерево обсуждения

CentOS 4.4 which means postgresql-server-7.4.13-2.RHEL4.1

I'm starting to deal with the notion of allowing other users access
(read only) to a db.

Experimenting on my own db...

host    all     main_user       192.168.2.10    255.255.255.0   trust
host    all     all             127.0.0.1       255.255.255.255 trust
host    all     craig           192.168.2.10    255.255.255.255 pam

because I want to use LDAP authentication via pam.

logs say...
Nov  8 20:18:26 srv1 postgresql: Starting postgresql service:  succeeded
Nov  8 20:18:39 srv1 postgres[21020]: PAM audit_open() failed:
Permission denied
Nov  8 20:18:39 srv1 postgres[21020]: [2-1] LOG:  pam_authenticate
failed: System error
Nov  8 20:18:39 srv1 postgres[21020]: [3-1] FATAL:  PAM authentication
failed for user "craig"

Below is pam info - if anyone can tell me how I might configure this so
I can authenticate via LDAP I would appreciate it.

Craig

# cat /etc/pam.d/postgresql
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so

which was cribbed from /etc/pam.d/sshd

# cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account     [default=bad success=ok
user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

В списке pgsql-general по дате отправления:

Предыдущее

От: Christopher Browne
Дата: 09 ноября 2006 г., 02:04:46
Сообщение: Re: Does PostgreSQL support multi-instancing?

Следующее

От: mike
Дата: 09 ноября 2006 г., 03:02:57
Сообщение: Re: planer picks a bad plan (seq-scan instead of index)

Вход в личный кабинет

Восстановление пароля

Подтверждение аккаунта

Изменение пароля

authentication question

Предыдущее

Следующее