Re: chmod 444 /etc/shadow

> i had quite a difficult time getting pam authentication to work with
> postgresql, as have a good deal many other people.  turns out, since
> postgresql runs as a non-privileged user, that pam was failing since the
> process using it (postgresql) didn't have read permissions for /etc/shadow.
>
> now, i read the faq and this is mentioned, but i would like to confirm that
> the only two approaches to this sort of problem are setuid type fixes and
> normal file permission type fixes?  can someone confirm this definitively?

A third possibility might be to ask some kind of authentication service.
This could either be an existing system (e.g. Kerberos, LDAP server, NT
Domain Controller or RADIUS) or your own implementation more tailored to
your needs.

For your purpose it should be possible to use a PAM-aware RADIUS server
as authentication proxy:
	- use a RADIUS module to authenticate postgresql users.
	- use the normal UNIX authentication module in the PAM
	  configuration for the radius daemon.


Tobias
-- 

  Tobias Schaefer				Phone	07071-9457-0
  science + computing ag			FAX	07071-9457-27
  Hagellocher Weg 71-75
  D-72070 Tuebingen     Email: T.Schaefer@xxxxxxxxxxxxxxxxxxxx
        WWW:  http://www.science-computing.de/


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
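
The proxy layout suggested in the reply above, written out as an added configuration example; it is not part of the original message. pam_radius_auth.so, pam_unix.so and pam_permit.so are existing PAM modules; the service file names, the client configuration path, the localhost address and the shared-secret placeholder are assumptions to adapt to your installation.

```conf
# --- /etc/pam.d/postgresql (assumed service name for the database) ---
# PostgreSQL runs unprivileged and never opens /etc/shadow: the RADIUS
# client module forwards the password to the local RADIUS daemon instead.
auth     required   pam_radius_auth.so
# Account checks (expiry, locking) are done on the daemon side below.
account  required   pam_permit.so

# --- /etc/pam_radius_auth.conf (assumed path; varies by distribution) ---
# The module executes inside the postgres process, so this file must be
# readable by the postgres account and by nobody else (for example
# owner postgres, mode 0600), because it holds the shared secret.
# server[:port]    shared-secret             timeout (s)
127.0.0.1          REPLACE-WITH-SECRET       3

# --- /etc/pam.d/radiusd (assumed service name for the RADIUS daemon) ---
# Only the daemon needs to verify passwords against /etc/shadow, so the
# file can stay unreadable to every other account. The daemon must run
# with enough privilege for pam_unix to do that check.
auth     required   pam_unix.so
account  required   pam_unix.so
```

With this split, /etc/shadow keeps its restrictive mode and the privilege to verify passwords lives in one daemon, which should listen on the loopback interface only and accept requests only from clients that hold the shared secret.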
