PostgreSQL/PAM problem

Thomas Kirchtag <tkircht@xxxxxxxxx> · Wed, 15 Jul 2009 08:33:08 +0200

Sorry if this comes a t a repost, but I never saw my original post appear in the list and deither did I get any answers...
======
I am trying to set up PAM-auth for a small testing system but I am stuck with a strange problem.

The
system authenticates OK (both login and ssh can authenticate using the
LDAP accounts) but trying to login to the same account to postgresql
fails. I have setup a login role with the same name and authenticating
against postgresql as that user works. my pg_hba.conf looks like this:

local   all         postgres                          ident sameuser
local   all         all                               ident sameuser
host    all         all         127.0.0.1/32          md5

host    ip_cis nagios      xx.116.13.224/27      md5
host    ip_cis all         xx.116.13.224/27      pam

I try to connect as:
psql -h cis.ipxxx.at -U tkircht -d ip_cis

My log (debug level 5) comes up with those lines even before I entered a password:

2009-07-08 21:28:06 CEST LOG:  00000: connection received: host=xx.116.13.253 port=47092
2009-07-08 21:28:06 CEST LOCATION:  BackendInitialize, postmaster.c:3027

2009-07-08 21:28:06 CEST LOG:  00000: pam_authenticate failed: Permission denied
2009-07-08 21:28:06 CEST LOCATION:  CheckPAMAuth, auth.c:1345
2009-07-08 21:28:06 CEST FATAL:  28000: PAM authentication failed for user "tkircht"

2009-07-08 21:28:06 CEST LOCATION:  auth_failed, auth.c:1003

my pam stack looks (after many other attempts) like this:

auth    sufficient      pam_ldap.so

This suggests some problems accessing some pam-related file but I cannot imagine which one?

The server runs on Debian 5 by the way.

Any pointers would be highly appreciated - the PostgreSQL documentation is pretty thin on this..

Thanks!

Thomas