Hi, I'm trying to configure Postgres to authenticate NIS users through pam. Here is my setup: Server version: PostgreSQL 15.2 on x86_64-redhat-linux-gnu, compiled by gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-18), 64-bit Relevant pg_hba lines: host all psql all md5 host all all all pam PAM: /etc/pam.d/postgresql #%PAM-1.0 auth include password-auth account include password-auth /etc/pam.d/password-auth # Generated by authselect on Wed Jan 31 12:48:13 2024 # Do not modify this file manually. auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth sufficient pam_unix.so nullok auth required pam_deny.so account required pam_unix.so broken_shadow password requisite pam_pwquality.so local_users_only password sufficient pam_unix.so sha512 shadow nullok use_authtok nis password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so -session optional pam_systemd.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so Pam service seems to be okay, ie if I provide the correct pass, it lets me through with both local and NIS accounts: % pamtester -v postgresql <localuser> authenticate pamtester: invoking pam_start(postgresql, <localuser>, ...) pamtester: performing operation - authenticate Password: pamtester: successfully authenticated % pamtester -v postgresql <nisuser> authenticate pamtester: invoking pam_start(postgresql, <nisuser>, ...) pamtester: performing operation - authenticate Password: pamtester: successfully authenticated Users exist in Postgres with login permission, required NIS daemons are up and running, tools like ypwhich or ypcat are working fine. But when I try to connect to Postgres server using NIS account, authentication fails: psql: error: connection to server at "<hostname>" (10.65.31.25), port 5432 failed: FATAL: PAM authentication failed for user "<nisuser>" Server logs: [52] DEBUG: forked new backend, pid=564 socket=10 [564] DEBUG: InitPostgres [564] DEBUG: my backend ID is 3 [564] DEBUG: StartTransaction(1) name: unnamed; blockState: DEFAULT; state: INPROGRESS, xid/subid/cid: 0/1/0 [564] DEBUG: shmem_exit(0): 4 before_shmem_exit callbacks to make [564] DEBUG: shmem_exit(0): 6 on_shmem_exit callbacks to make [564] DEBUG: proc_exit(0): 2 callbacks to make [564] DEBUG: exit(0) [564] DEBUG: shmem_exit(-1): 0 before_shmem_exit callbacks to make [564] DEBUG: shmem_exit(-1): 0 on_shmem_exit callbacks to make [564] DEBUG: proc_exit(-1): 0 callbacks to make [52] DEBUG: reaping dead processes [52] DEBUG: server process (PID 564) exited with exit code 0 [52] DEBUG: forked new backend, pid=566 socket=10 [566] DEBUG: InitPostgres [566] DEBUG: my backend ID is 3 [566] DEBUG: StartTransaction(1) name: unnamed; blockState: DEFAULT; state: INPROGRESS, xid/subid/cid: 0/1/0 [566] DEBUG: received password packet [566] LOG: pam_authenticate failed: Authentication failure [566] FATAL: PAM authentication failed for user "<nisuser>" [566] DETAIL: Connection matched pg_hba.conf line 105: "host all all all pam" [566] DEBUG: shmem_exit(1): 4 before_shmem_exit callbacks to make [566] DEBUG: shmem_exit(1): 6 on_shmem_exit callbacks to make [566] DEBUG: proc_exit(1): 2 callbacks to make [566] DEBUG: exit(1) [566] DEBUG: shmem_exit(-1): 0 before_shmem_exit callbacks to make [566] DEBUG: shmem_exit(-1): 0 on_shmem_exit callbacks to make [566] DEBUG: proc_exit(-1): 0 callbacks to make [52] DEBUG: reaping dead processes [52] DEBUG: server process (PID 566) exited with exit code 1 Secure log: <nisuser>[564]: psql 10.65.31.25(39990) authentication: pam_unix(postgresql:auth): username [<nisuser>] obtained <nisuser>[564]: psql 10.65.31.25(39990) authentication: pam_unix(postgresql:auth): conversation failed <nisuser>[564]: psql 10.65.31.25(39990) authentication: pam_unix(postgresql:auth): auth could not identify password for [<nisuser>] <nisuser>[566]: psql 10.65.31.25(40004) authentication: pam_unix(postgresql:auth): username [<nisuser>] obtained <nisuser>[566]: psql 10.65.31.25(40004) authentication: pam_unix(postgresql:auth): check pass; user unknown <nisuser>[566]: psql 10.65.31.25(40004) authentication: pam_unix(postgresql:auth): authentication failure; logname= uid=26 euid=26 tty= ruser= rhost=10.65.31.25 All of this works fine for 'local' Linux accounts. Am I missing something? thanks, -- wbr, Andrey