Re: PAM ldap

* Kavan, Dan (IMS) <KavanD@imsweb.com> [0149 18:49]:
>
> Hi,  I'm running postgresql 8.0.rc5 on SUSE.
> I have the pg_hba.conf file configured with
> local    all    smith    ident sameuser
> host    all    smith    ident sameuser
>
> The way authentication works with that is that configuration is that if
> I'm logged in as smith with my company ldap server I can get in, but if
> I'm not directly logged in as smith, I can't get in.  Having the word
> pam in this file at all causes an error.  I'd like to use pam so
> postgres could do it's own ldap/pam lookups, but I keep getting an error
> that it doesn't know what pam is.  I see in the logs that the pam server
> starts, but I still get an error.

You didn't show the broken config, but assuming it's something like

# TYPE     DATABASE    USER        IP-ADDRESS      IP-MASK           METHOD
hostssl    all         all         127.0.0.1       255.255.255.255   pam

then perhaps you don't have pam support built into postgres?


> /etc/pam.d/postgresql
> auth    required        pam_unix2.so    nullok
> account required        pam_unix2.so

This is going to do unix auth, obviously, so you'll need to s/unix/ldap/ on that...

--
'You may need to metaphorically make a deal with the devil.
By 'devil' I mean robot devil and by 'metaphorically' I mean get your coat.'
        -- Bender
Rasputin :: Jack of All Trades - Master of Nuns