| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Eamonn Martin <mas01em(at)gold(dot)ac(dot)uk>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Sharing /etc/passwd with PostgreSQL |
| Date: | 2009-08-08 00:57:31 |
| Message-ID: | 20090808005731.GM5290@alvh.no-ip.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Tom Lane wrote:
> Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> > You can authenticate users with PAM, which amounts more or less to the
> > same thing.
>
> I believe though that using PAM against /etc/shadow would require the
> postmaster to run as root. You need some external authentication
> server; PAM by itself isn't going to solve it. Maybe LDAP or Kerberos?
At least my system seems to provide a setgid helper program that's
supposed to read /etc/shadow, to work around this problem.
BTW I notice that this does not work unless the client supplies the
password the first time around; psql does not retry. It only works if I
do "psql -W".
--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-08-08 01:07:29 | Re: Sharing /etc/passwd with PostgreSQL |
| Previous Message | Tom Lane | 2009-08-08 00:40:25 | Re: Sharing /etc/passwd with PostgreSQL |