Re: anyone knows about pam_pgsql ?

Hello Peter,

nss and pam are different things. Pam is almost unusable without a
suitable nss-module. Nss make a user to exist in your system. Pam
checkes (among other things), if he is allowed to use a service. If you
use pam_pgsql without libnss-pgsql you have to add every user to your
/etc/passwd. But you don't need to give them passwords. That's what pam
does.

I checked my version of libnss-pgsql. I get a compile-error in
backend.c. The include-path of postgresql is errorenous. I checked that
and updated to 0.9.0tm3. The version libnss-pgsql-1.00 has the same bug.

There instructions to install the module is almost not there. You should
do this:
- download
- tar xvzf libnss-pgsql-0.9.0tm3.tar.gz
- cd libnss-pgsql-0.9.0tm3
- ./configure
- make
- make install (as root)
- set up your database (you can find a example schema in crebas.sql)
- edit nss-pgsql.conf and copy to /etc/nss-pgsql.conf
- edit /etc/nsswitch.conf to use pgsql (change 'passwd: compat' to
'passwd: files pgsql' and 'group: compat' to 'group: files pgsql'

It should work now. You can try it out with 'chown pguser ttt'. The file
ttt need not exist. 'chown' should complain about it. If you libnss does
not work it complains about not existing user 'pguser'.


Tommi


Peter Pilsl wrote:

>thnx a lot for your reply. I would like to give the nss a try, but I
>dont have the slightest idea how to use it (in case I managed to
>compile).
>
>I just know how to use pam by adding a appropriate login-file to /etc/pam.d/ that contains things like:
>auth       required     /lib/security/pam_securetty.so
>auth       required     /lib/security/pam_stack.so service=system-auth
>auth       required     /lib/security/pam_nologin.so
>account    required     /lib/security/pam_stack.so service=system-auth
>password   required     /lib/security/pam_stack.so service=system-auth
>session    required     /lib/security/pam_stack.so service=system-auth
>session    optional     /lib/security/pam_console.so
>
>how would look this enty in case I'm using one of the nss-pgsql-tools ?
>
>sorry, but I'm really 100% newbie on nss.
>
>thnx,
>peter
>
>>
...