Re: PAM documentation

Alvaro Herrera wrote:
> On Wed, Apr 27, 2005 at 12:03:54PM -0400, Bruce Momjian wrote:
> > Tom Lane wrote:
> > > momjian@svr1.postgresql.org (Bruce Momjian) writes:
> > > > Mention that PAM requires the user already exist in the database, per
> > > > Dick Davies.
> > >
> > > I don't recall exactly what Dick suggested, but the patch as applied
> > > seems like fairly useless verbiage.  Exactly which of our other auth
> > > methods allow users who *don't* exist in the database to log in?
> > > And why would anyone find it surprising that this does not happen?
> >
> > Can someone comment if having to create the database user account to use
> > PAM is something that people forget?  Is there increased confusion
> > because PAM is usually used for the operating system usernames?
> >
> > Attached is the addition I made to the docs recently.  Is it useful?
>
> Yes, because PAM works different on other systems, specially if it's
> configured to use LDAP or some such.  Though I'd rephrase with something
> like
>
> >       default PAM service name is <literal>postgresql</literal>. You can
> >       optionally supply your own service name after the <literal>pam</>
> >       key word in the file <filename>pg_hba.conf</filename>.
> > !     Note that PAM is only used to validate username/password pairs;
> > !     therefore, the user must already exist in the database before PAM
> > !     can be used for authentication.  For more information about
> > !     PAM, please read the <ulink url="http://www.kernel.org/pub/linux/libs/pam/">

OK, update done:

    PAM is used only to validate username/password pairs.
    Therefore the user must already exist in the database before PAM
    can be used for authentication.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073