On Sat, Dec 27, 2003 at 02:47:48PM +1100, Paul Sorenson wrote:
> I have postgresql (7.3.2) set to use pam. When I use the pam_permit module:
>
> auth required pam_permit.so
> auth required pam_warn.so
> account required pam_permit.so
>
> it authenticates as expected.
>
> When I use pam_unix:
>
> auth required pam_unix.so
> account required pam_unix.so
>
> After getting prompted for a password I get "PAM authentication failure for
> user". I am using my own login and credentials. I get a single line in
> /var/log/messages:
>
> Dec 27 11:55:03 beastie postgresql(pam_unix)[10496]: authentication failure;
> logname= uid=26 euid=26 tty= ruser= rhost= user=pms
>
> uid=26 is for the postgresql user, user=pms is the account for which I am
> entering the password.
>
> I tried adding debug/audit at the end of the pam_unix.so line but the
> message appearing in /var/log/messages remained the same.
>
> I found lots of hits on google relating to postgresql with PAM but so far I
> haven't found one with a solution to this.

The postgresql daemon process doesn't have access to read /etc/shadow.
The standard unix_chkpwd helper binary only lets processes authenticate
users corresponding to their own uid. If you really want this
functionality, you will need to add the postgresql user to the shadow
group (or get a unix_chkpwd command that lets the postgresql daemon
authenticate arbitrary users, but I don't know of a generally available
one that does this).

--
Steve Langasek
postmodern programmer
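
Added example, not part of either message: the two conditions named in the reply above (read access to /etc/shadow, or the helper's own-uid rule) applied to the log line from the original post. The account name postgres for uid 26, the uid 500 for pms, and the shadow group membership are constructed sample data, and the check assumes /etc/shadow is group-readable by the shadow group.

```python
import re

# Log line quoted in the post above, joined onto one line.
LOG_LINE = ("Dec 27 11:55:03 beastie postgresql(pam_unix)[10496]: "
            "authentication failure; logname= uid=26 euid=26 tty= ruser= "
            "rhost= user=pms")

# Constructed sample data (assumptions): the account name for uid 26, the uid
# of pms, and the membership of the shadow group are not given in the thread.
PASSWD = {"postgres": 26, "pms": 500}
SHADOW_MEMBERS = set()

FAILURE = re.compile(
    r"(?P<service>\S+)\(pam_unix\)\[\d+\]: authentication failure; (?P<kv>.*)$")


def parse_failure(line):
    """Return the key=value fields of a pam_unix failure line, or None."""
    m = FAILURE.search(line)
    if m is None:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group("kv")))
    fields["service"] = m.group("service")
    return fields


def diagnose(line, passwd, shadow_members):
    """Classify a failure by the two conditions named in the reply."""
    ev = parse_failure(line)
    if ev is None or not ev.get("euid", "").isdigit():
        return "not-pam-unix-failure"
    euid = int(ev["euid"])
    caller = next((n for n, u in passwd.items() if u == euid), None)
    if euid == 0 or caller in shadow_members:
        return "shadow-readable"      # module can read the hash itself
    if passwd.get(ev["user"]) == euid:
        return "self-check"           # helper accepts the caller's own uid
    return "cross-user-denied"        # neither path can verify the password


if __name__ == "__main__":
    print(diagnose(LOG_LINE, PASSWD, SHADOW_MEMBERS))
```

A "shadow-readable" or "self-check" result means the failure has some other cause, such as a wrong password, and the PAM stack itself is not the place to look.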