Re: anyone knows about pam_pgsql ?
| От | Tommi Mäkitalo |
|---|---|
| Тема | Re: anyone knows about pam_pgsql ? |
| Дата | |
| Msg-id | 3C0213A5.9020704@epgmbh.de обсуждение исходный текст |
| Ответ на | anyone knows about pam_pgsql ? (Peter Pilsl <pilsl@goldfisch.at>) |
| Список | pgsql-general |
Hello Peter, nss and pam are different things. Pam is almost unusable without a suitable nss-module. Nss make a user to exist in your system. Pam checkes (among other things), if he is allowed to use a service. If you use pam_pgsql without libnss-pgsql you have to add every user to your /etc/passwd. But you don't need to give them passwords. That's what pam does. I checked my version of libnss-pgsql. I get a compile-error in backend.c. The include-path of postgresql is errorenous. I checked that and updated to 0.9.0tm3. The version libnss-pgsql-1.00 has the same bug. There instructions to install the module is almost not there. You should do this: - download - tar xvzf libnss-pgsql-0.9.0tm3.tar.gz - cd libnss-pgsql-0.9.0tm3 - ./configure - make - make install (as root) - set up your database (you can find a example schema in crebas.sql) - edit nss-pgsql.conf and copy to /etc/nss-pgsql.conf - edit /etc/nsswitch.conf to use pgsql (change 'passwd: compat' to 'passwd: files pgsql' and 'group: compat' to 'group: files pgsql' It should work now. You can try it out with 'chown pguser ttt'. The file ttt need not exist. 'chown' should complain about it. If you libnss does not work it complains about not existing user 'pguser'. Tommi Peter Pilsl wrote: >thnx a lot for your reply. I would like to give the nss a try, but I >dont have the slightest idea how to use it (in case I managed to >compile). > >I just know how to use pam by adding a appropriate login-file to /etc/pam.d/ that contains things like: >auth required /lib/security/pam_securetty.so >auth required /lib/security/pam_stack.so service=system-auth >auth required /lib/security/pam_nologin.so >account required /lib/security/pam_stack.so service=system-auth >password required /lib/security/pam_stack.so service=system-auth >session required /lib/security/pam_stack.so service=system-auth >session optional /lib/security/pam_console.so > >how would look this enty in case I'm using one of the nss-pgsql-tools ? > >sorry, but I'm really 100% newbie on nss. > >thnx, >peter > >> ...
В списке pgsql-general по дате отправления: