Yann (pam-list-request@xxxxxxxxxx) wrote:
and the /etc/pam.d/system-auth-pg is configured like that:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_pgsql.so use_first_pass debug
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

account     required      pam_pgsql.so debug
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so

password    sufficient    pam_pgsql.so debug
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

IMHO the pam_env call is in the wrong place. The environment setting is
a property of accounting or (better) the session - so, I suggest putting
it there.

Second, you must not specify use_first_pass if you don't have a 'first
pass', i.e. pam_env wouldn't ask for username/password at all and you
forbid pam_pgsql to do so.
Where should the password (and maybe the user name) come from?

Cheers
Andreas
--
Dr.-Ing. Andreas Schindler
Alpha Zero One Computersysteme GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindler@xxxxxx
www.az1.de
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
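
The use_first_pass point raised in the reply can be checked mechanically. The following is an added example, not part of the original thread or of Linux-PAM: a small linter that flags an auth rule carrying use_first_pass when no earlier rule in the stack could have obtained a password. The NON_PROMPTING set and the function names are assumptions made for this example.

```python
import re

# Assumption for this example: modules that never prompt for a password and
# never store one in PAM_AUTHTOK. Extend the set for the modules you deploy.
NON_PROMPTING = {"pam_env.so", "pam_succeed_if.so", "pam_deny.so", "pam_permit.so"}

# type, control (simple keyword or [value=action ...]), module, arguments
RULE = re.compile(r"^-?(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Yield (lineno, type, control, module, args) for each rule in a PAM file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        match = RULE.match(line)
        if match:
            mtype, control, module, rest = match.groups()
            yield lineno, mtype, control, module, rest.split()

def check_first_pass(text):
    """Return (lineno, module) for auth rules using use_first_pass before any
    module in the stack could have obtained a password."""
    findings, have_password = [], False
    for lineno, mtype, _control, module, args in parse(text):
        if mtype != "auth":
            continue
        if "use_first_pass" in args:
            if not have_password:
                findings.append((lineno, module))
            continue                      # this module never prompts itself
        if module not in NON_PROMPTING:
            have_password = True          # it prompts if no password is stored
    return findings

# The auth stack as posted in the message above.
POSTED = """\
auth required pam_env.so
auth sufficient pam_pgsql.so use_first_pass debug
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
"""
# Constructed variant: option dropped, so pam_pgsql is allowed to prompt.
VARIANT = POSTED.replace(" use_first_pass", "")

if __name__ == "__main__":
    print("posted: ", check_first_pass(POSTED))
    print("variant:", check_first_pass(VARIANT))
```

The check only looks at rule order within the auth stack; it does not follow include or substack directives.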