Search Postgresql Archives

Re: Anyone? Best way to authenticate postgres against

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks I've been trying to use pam_ldap but I keep getting this error from postgres.  I think it may have something to do with postgres running as the postgres user and not having permissions to something, but I have no idea what. 

LOG:  pam_authenticate failed: Conversation error
FATAL:  PAM authentication failed for user "bkelly"
LOG:  could not send data to client: Broken pipe
LOG:  pam_authenticate failed: User not known to the underlying authentication module
FATAL:  PAM authentication failed for user "bkelly"

this is my pam.d/postgresql file:
#####
auth           required        /lib/security/pam_ldap.so debug
account         required        /lib/security/pam_ldap.so debug
#####





Magnus Hagander wrote: 
On Mon, Dec 18, 2006 at 08:23:08PM -0600, Derrick wrote:
  
I've been struggling with pam_ldap and a windows 2003 active directory 
server, trying to get postgres to authenticate against it.  I'm 
wondering what the best way to get postgres to authenticate against 
windows active directory would be?  I've posted the problem on the 
general mail list that I was having with pam_ldap but no response.  Any 
ideas, how to's, or good links would be much appreciated, and I'm under 
a time constraint.  Thanks a million in advance.
    

You can do this three different ways:
1) You can do it with Kerberos. This is a bit tricky to get working, but
it can be done. This will give you single-sign-on, and not just the same
password. A large downside is that this is not supported by all
interfaces, for examlpe it's not supported with JDBC or .NET.

2) You can use the native LDAP authentication that's available in 8.2. I
specifically created it to be used in one of my own Active Directory
installations, so I know it works there (thuogh it of course works with
other LDAP installs as well).

3) You can use pam_ldap. Never done that myself, but I've heard of
others having some problems with it before, so I would definitly advise
you to use option 2 for simple LDAP auth.

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux