| From: | Craig White <craigwhite(at)azapple(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: authentication question |
| Date: | 2006-11-09 20:07:37 |
| Message-ID: | 1163102857.20305.13.camel@lin-workstation.azapple.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, 2006-11-09 at 16:34 -0300, Alvaro Herrera wrote:
> Tom Lane wrote:
> > Craig White <craigwhite(at)azapple(dot)com> writes:
> > > I haven't had to fool too much with pam for authenticating other
> > > services so I'm a little bit out of my knowledge base but I know that it
> > > was simple to add netatalk into the pam authentication and expected that
> > > postgresql would be similar.
> >
> > FWIW, we ship this PAM config file in the Red Hat PG RPMs:
> >
> > #%PAM-1.0
> > auth include system-auth
> > account include system-auth
> >
> > which AFAIR looks about the same as the corresponding files for other
> > services. It's installed as /etc/pam.d/postgresql.
>
> For this to work you need a system-auth file in /etc/pam.d, which would
> have lines for auth/account/required etc, and not just "includes".
>
> PAM seems to be another area on which Linux distributors have been
> diverging wildly for a long time; for example here on Debian the include
> lines look like
>
> auth requisite pam_nologin.so
> auth required pam_env.so
> @include common-auth
> @include common-account
> session required pam_limits.so
>
> so I doubt one distro's config files are applicable to any other.
----
and I'm on a Red Hat system which obviously Tom is familiar with since
he is the packager for RH / postgres but I don't think that is the issue
but I have adopted his pam file.
Thanks
Craig
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jorge Godoy | 2006-11-09 20:50:37 | Re: Why overlaps is not working |
| Previous Message | Jeff Davis | 2006-11-09 20:05:04 | Re: autovacuum blues |