Re: PAM auth

Satoshi Nagayasu wrote:

>Albe,
>
>Albe Laurenz wrote:
>  
>
>>/etc/pam.d/system-auth probably uses pam_unix.so to authenticate.
>>
>>Does the user exist on the machine and have the password you try?
>>    
>>
>
>Yes, I have same user name on my linux box and postgresql,
>and they have same password (now).
>
>  
>
>>You could add 'debug' to the pam_unix.so lines in /etc/pam.d/system-auth
>>and capture what PAM logs to syslog, maybe that will help.
>>    
>>
>
>Finally, by my small program, I found the PAM module is attempting
>to read /etc/shadow to authenticate, but /etc/shadow can't be read
>by non-superuser privilege.
>
>I know, the postmaster is running under "postgres" user privilege,
>so PAM auth will always cause 'permission denied' around /etc/shadow.
>
>How can I solve this? Any ideas?
>


don't use system auth. PAM can authenticate from many sources, not just
the system password files. LDAP is a commonly used source.

cheers

andrew