Just in case others follow in my footsteps - this may prove to be helpful. Summary of problem: CentOS 4.4 - SELinux enabled - authorizing pam based users ### Created file /etc/pam.d/postgresql (I'm using LDAP) [*] # cat /etc/pam.d/postgresql #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_loginuid.so ### Set SELinux security contexts for this file.... # chcon -u system_u -r object_r /etc/pam.d/postgresql ### Already had installed rpm selinux-policy-targeted-sources ### You will need this package ### ### Added to file /etc/selinux/src/targeted/policy/domains/local.te # cat /etc/selinux/targeted/src/policy/domains/local.te # postgres/pam allow postgresql_t self:netlink_audit_socket create; allow postgresql_t self:netlink_audit_socket nlmsg_relay; allow postgresql_t self:netlink_audit_socket read; allow postgresql_t self:netlink_audit_socket write; allow postgresql_t var_lib_t:file read; ### the last line of the changes to local.te were necessary only for ### postgresql user to be able to read /var/lib/pgsql/.ldaprc ### ### now load this new policy into selinux # cd /etc/selinux/targeted/src/policy # make reload Now, I am able to log in as a user from LDAP - with the obvious provisions that the user is a user in postgres (password not needed since that is from LDAP), and pg_hba.conf is properly configured. [*] Tom's suggestion for /etc/pam.d/postgresql file #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth Thanks Tom/Alvaro Craig
