Re: Sharing /etc/passwd with PostgreSQL

Tom Lane wrote:
> Alvaro Herrera <alvherre@commandprompt.com> writes:
> > You can authenticate users with PAM, which amounts more or less to the
> > same thing.
>
> I believe though that using PAM against /etc/shadow would require the
> postmaster to run as root.  You need some external authentication
> server; PAM by itself isn't going to solve it.  Maybe LDAP or Kerberos?

At least my system seems to provide a setgid helper program that's
supposed to read /etc/shadow, to work around this problem.

BTW I notice that this does not work unless the client supplies the
password the first time around; psql does not retry.  It only works if I
do "psql -W".

--
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support