Your message dated Fri, 10 Sep 2010 21:03:16 +0000
with message-id <[email protected]>
and subject line Bug#594721: fixed in pam-pgsql 0.7.1-3
has caused the Debian Bug report #594721,
regarding Authentication against postgres users require unencrypted passwords
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
594721: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594721
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: libpam-pgsql: Authentication against postgres users require unencrypted passwords
Package: libpam-pgsql
Version: 0.7.1-2
Severity: normal

When you want to have fallback authentication schemes in postgresql, you need to
set up postgres to use pam, and then pam to use postgresql and others.

This can be accomplished by having pam rather than md5 in the pg_hba.conf file.

Then you need to set up /etc/pam.d/postgres like
auth    sufficient  pam_pgsql.so
account sufficient  pam_pgsql.so

And finally have /etc/pam_pgsql.conf like:
database = postgres
user = postgres
table = pg_catalog.pg_shadow
user_column = usename
pwd_column = passwd
;expired_column = acc_expired
;newtok_column = acc_new_pwreq
debug=1

The problem is that the hashed passwords of postgres use an unsupported
algorithm, returning 'md5'||md5hash(password||login)

The only way I found to have pam support in postgres work is to add to
pam_pgsql.conf:
    pw_type=clear
and in postgresql.conf
    password_encryption = off
then restart postgres then reset my password.

Storing plaintext passwords is obviously Bad. IMHO, requiring that looks like a
major problem.

pam-pgsql should support postgres' own hash algorithm.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-pgsql depends on:
ii  libc6                         2.11.2-2   Embedded GNU C Library: Shared lib
ii  libpam0g                      1.1.1-4    Pluggable Authentication Modules l
ii  libpq5                        8.4.4-2    PostgreSQL C client library

libpam-pgsql recommends no packages.

libpam-pgsql suggests no packages.

-- no debconf information



--- End Message ---
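
An added example, not part of the bug report or of the pam-pgsql patch: the stored format the report describes, 'md5'||md5(password||login), verified in Python, plus an audit over constructed rows that flags values left in cleartext (the state `password_encryption = off` produces). The function names and sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# 'md5' followed by 32 lowercase hex digits, as found in pg_shadow.passwd
_PG_MD5_RE = re.compile(r"md5[0-9a-f]{32}")


def pg_md5_hash(password: str, username: str) -> str:
    """Return 'md5' || md5(password || username), the format from the report."""
    digest = hashlib.md5((password + username).encode("utf-8")).hexdigest()
    return "md5" + digest


def is_pg_md5(stored) -> bool:
    """True only for a well-formed PostgreSQL md5 password value."""
    return isinstance(stored, str) and _PG_MD5_RE.fullmatch(stored) is not None


def verify_pg_md5(stored, username: str, candidate: str) -> bool:
    """Check a candidate password against a stored md5-format value.

    Anything that is not md5-format is rejected instead of being compared
    as cleartext, so a misconfigured row cannot silently authenticate.
    """
    if not is_pg_md5(stored):
        return False
    # Constant-time comparison of the two ASCII hash strings.
    return hmac.compare_digest(stored, pg_md5_hash(candidate, username))


def audit_rows(rows):
    """Return user names whose stored value is set but not md5-format."""
    return [user for user, pwd in rows if pwd is not None and not is_pg_md5(pwd)]


# Constructed sample rows in the shape (usename, passwd).
SAMPLE_ROWS = [
    ("alice", pg_md5_hash("correct horse", "alice")),  # hashed
    ("bob", "hunter2"),                                # cleartext
    ("carol", None),                                   # no password set
]

if __name__ == "__main__":
    print("cleartext rows:", audit_rows(SAMPLE_ROWS))
```

Because the login name is part of the hashed input, the same password yields a different stored value for each user, and a stored value stops matching if the user is renamed.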
--- Begin Message ---
Source: pam-pgsql
Source-Version: 0.7.1-3

We believe that the bug you reported is fixed in the latest version of
pam-pgsql, which is due to be installed in the Debian FTP archive:

libpam-pgsql_0.7.1-3_amd64.deb
  to main/p/pam-pgsql/libpam-pgsql_0.7.1-3_amd64.deb
pam-pgsql_0.7.1-3.debian.tar.gz
  to main/p/pam-pgsql/pam-pgsql_0.7.1-3.debian.tar.gz
pam-pgsql_0.7.1-3.dsc
  to main/p/pam-pgsql/pam-pgsql_0.7.1-3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Dittberner <[email protected]> (supplier of updated pam-pgsql package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 10 Sep 2010 22:35:05 +0200
Source: pam-pgsql
Binary: libpam-pgsql
Architecture: source amd64
Version: 0.7.1-3
Distribution: unstable
Urgency: low
Maintainer: Jan Dittberner <[email protected]>
Changed-By: Jan Dittberner <[email protected]>
Description: 
 libpam-pgsql - PAM module to authenticate using a PostgreSQL database
Closes: 594721 596375
Changes: 
 pam-pgsql (0.7.1-3) unstable; urgency=low
 .
   * add debian/patches/md5postgres_594721.patch to add support for
     PostgreSQLs own md5 passwords (Closes: #594721)
   * add debian/postinst to set pw_type = clear on upgrades from version
     < 0.7.1 where no pw_type has been specified. The default password
     type has been changed from clear to sha1 (Closes: #596375)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---