Tom Lane wrote: > Craig White <craigwhite@xxxxxxxxxxx> writes: > > I haven't had to fool too much with pam for authenticating other > > services so I'm a little bit out of my knowledge base but I know that it > > was simple to add netatalk into the pam authentication and expected that > > postgresql would be similar. > > FWIW, we ship this PAM config file in the Red Hat PG RPMs: > > #%PAM-1.0 > auth include system-auth > account include system-auth > > which AFAIR looks about the same as the corresponding files for other > services. It's installed as /etc/pam.d/postgresql. For this to work you need a system-auth file in /etc/pam.d, which would have lines for auth/account/required etc, and not just "includes". PAM seems to be another area on which Linux distributors have been diverging wildly for a long time; for example here on Debian the include lines look like auth requisite pam_nologin.so auth required pam_env.so @include common-auth @include common-account session required pam_limits.so so I doubt one distro's config files are applicable to any other. -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support
