Re: postgresql 7.4.6 and pam_ldap

Поиск
Список
Период
Сортировка
От Gémes Géza
Тема Re: postgresql 7.4.6 and pam_ldap
Дата
Msg-id 41DC5A19.9020506@kzsdabas.sulinet.hu
обсуждение исходный текст
Ответ на postgresql 7.4.6 and pam_ldap  (Thomas Leduc <thomas.leduc@cerma.archi.fr>)
Ответы Re: postgresql 7.4.6 and pam_ldap
Список pgsql-admin
Дерево обсуждения 
Thomas Leduc írta:

>Hi,
>I know that i'm not the 1st one who want's to use pam_ldap to
>authenticate users (55 posts with keywords ldap and pam...). But it
>also didn't work for me. Please, what's wrong with the following:
>
>% pg_config --configure
>'--host=i386-redhat-linux' '--build=i386-redhat-linux'
>[...]
>'--with-openssl' '--with-pam' '--with-krb5=/usr' '--enable-nls'
>[...]
>
>% cat <<EOF > pg_hba.conf
>local   all             postgres                        ident sameuser
>local   all             all                             pam postgresql
>host    all             all     127.0.0.1/32            pam postgresql
>host    all             all     192.168.10.0/24         pam postgresql
>EOF
>
>% cat <<EOF > /etc/pam.d/postgresql--tage
>auth       required     pam_stack.so service=system-auth
>EOF
>
>% pg_ctl reload
>% createuser --adduser --createdb leduc
>% createdb --owner=leduc --echo leduc
>
>% id postgres
>uid=26(postgres) gid=26(postgres) groupes=26(postgres)
>$ psql --quiet leduc
>leduc=# SELECT 1+1;
>...            IT WORKS !!!
>
>% id
>uid=252(leduc) gid=100(users) groupes=100(users)
>% psql
>Mot de passe :
>psql: FATAL:  PAM authentication échouée pour l'utilisateur "leduc"
>...            IT DOESN'T WORK !!!
>% tail -f /var/log/messages
>Jan  5 17:41:17 tage postgresql(pam_unix)[12625]: auth could not identify password for [leduc]
>Jan  5 17:41:21 tage postgresql(pam_unix)[12627]: authentication failure; logname= uid=26 euid=26 tty= ruser= rhost=
user=leduc
>
>% psql -U leduc -W
>Mot de passe :
>psql: FATAL:  PAM authentication échouée pour l'utilisateur "leduc"
>...                     IT DOESN'T WORK !!!
>% tail -f /var/log/messages
>Jan  5 17:42:11 tage postgresql(pam_unix)[12635]: authentication failure; logname= uid=26 euid=26 tty= ruser= rhost=
user=leduc
>
>
>
I would suggest to retry it with a postgres user readable
/etc/pam.d/postgresql
an with a pg_hba.conf without postgres specified on the last field after
pam. Also if you want ldap authentication, take care, that in
/etc/pam.d/postgresql you don't reference any other non pam_ldap module,
and your /etc/ldap.conf is readable by postgres user.

Good Luck!

Geza

В списке pgsql-admin по дате отправления: