| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Satoshi Nagayasu <nagayasus(at)nttdata(dot)co(dot)jp> |
| Cc: | Albe Laurenz <all(at)adv(dot)magwien(dot)gv(dot)at>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PAM auth |
| Date: | 2006-06-20 11:06:55 |
| Message-ID: | 4497D6CF.2030007@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Satoshi Nagayasu wrote:
>Albe,
>
>Albe Laurenz wrote:
>
>
>>/etc/pam.d/system-auth probably uses pam_unix.so to authenticate.
>>
>>Does the user exist on the machine and have the password you try?
>>
>>
>
>Yes, I have same user name on my linux box and postgresql,
>and they have same password (now).
>
>
>
>>You could add 'debug' to the pam_unix.so lines in /etc/pam.d/system-auth
>>and capture what PAM logs to syslog, maybe that will help.
>>
>>
>
>Finally, by my small program, I found the PAM module is attempting
>to read /etc/shadow to authenticate, but /etc/shadow can't be read
>by non-superuser privilege.
>
>I know, the postmaster is running under "postgres" user privilege,
>so PAM auth will always cause 'permission denied' around /etc/shadow.
>
>How can I solve this? Any ideas?
>
don't use system auth. PAM can authenticate from many sources, not just
the system password files. LDAP is a commonly used source.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2006-06-20 11:11:36 | Re: CVS HEAD busted on Windows? |
| Previous Message | ohp | 2006-06-20 09:50:55 | pltcl -- solved |