Re: authentication question

From: Craig White <craigwhite(at)azapple(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: authentication question
Date: 2006-11-09 15:59:52
Message-ID: 1163087993.19049.4.camel@lin-workstation.azapple.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Thu, 2006-11-09 at 12:34 -0300, Alvaro Herrera wrote:
> Craig White wrote:
>
> > logs say...
> > Nov 8 20:18:26 srv1 postgresql: Starting postgresql service: succeeded
> > Nov 8 20:18:39 srv1 postgres[21020]: PAM audit_open() failed:
> > Permission denied
> > Nov 8 20:18:39 srv1 postgres[21020]: [2-1] LOG: pam_authenticate
> > failed: System error
> > Nov 8 20:18:39 srv1 postgres[21020]: [3-1] FATAL: PAM authentication
> > failed for user "craig"
>
> I'm not at all familiar with PAM error message wording, but are you
> aware that you must create the user "craig" inside the database _as
> well_ as on whatever PAM layer you use?
>
> The "audit_open(): Permission denied" message sounds like Postgres is
> not authorized to consult PAM though.
----
I did create a user 'craig' in postgres but I agree, that isn't the
issue at this point.

I checked the source rpm to make sure that it was compiled with the pam
option and it appears to me that it was.

I haven't had to fool too much with pam for authenticating other
services so I'm a little bit out of my knowledge base but I know that it
was simple to add netatalk into the pam authentication and expected that
postgresql would be similar.

I have to believe that other people are using pam for authentication
because otherwise, you have to have maintain passwords for each user
within postgresql itself - which seems unwise for many sites.

Still struggling with this...

Craig

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2006-11-09 16:51:33 Re: authentication question
Previous Message Shoaib Mir 2006-11-09 15:56:23 Re: cannot connect anymore from a remote host