I am trying to implement PAM on my local machine.
Below are the details of my setup:
OS: RHEL 6
PG: 9.2.3
/etc/pam.d/postgresql (PAM file)
#%PAM-1.0
auth required pam_unix.so
account required pam_unix.so
$PGDATA/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all pam pamservice=postgresql
# IPv4 local connections:
host all all 127.0.0.1/32 pam pamservice=postgresql
Session 1 Session 2
-bash-4.1$ psql -U postgres
Password for user postgres:
-bash-4.1$ tail -f postgresql-2013-04-26_000000.log
2013-04-26 20:08:16.605 IST-13943-postgres-postgres-[local] LOG: pam_authenticate failed: Conversation error
2013-04-26 20:08:16.606 IST-13943-postgres-postgres-[local] FATAL: PAM authentication failed for user "postgres"
2013-04-26 20:08:16.606 IST-13943-postgres-postgres-[local] LOG: could not send data to client: Broken pipe
In OS logs(/var/log/secure)Apr 26 20:11:03 localhost res [local] authentication: pam_unix(postgresql:auth): conversation failedApr 26 20:11:03 localhost res [local] authentication: pam_unix(postgresql:auth): auth could not identify password for [postgres]
I have not entered password in session 1 which was waiting for my password to enter, but logs are printed beforehand in both logs (OS/DB) as you see in session 2.
When, I enter password in session 1 which was waiting for password, it will immediately takes me into the database without any error.
Couple of question's in mind on this scenario:
1. Why database server logs shows lines beforehand as pam_authentication failed even though I have not typed password ?
2. Though logs show as PAM authentication failed, still user's are allowed into the database ?
3. What above log entries mean precisely ?
4. Was my PAM setup successful ?
Sorry for my too many questions, I just lost all of my endeavors to understand the above scenario.
Any help will be highly appreciated.
Thanks in advance.
---
Regards,
Raghavendra
