Hi All, I am trying to implement PAM on my local machine.
Below are the details of my setup: OS: RHEL 6 PG: 9.2.3 /etc/pam.d/postgresql (PAM file) #%PAM-1.0 auth required pam_unix.so account required pam_unix.so $PGDATA/pg_hba.conf # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only local all all pam pamservice=postgresql # IPv4 local connections: host all all 127.0.0.1/32 pam pamservice=postgresql Session 1 Session 2 -bash-4.1$ psql -U postgres Password for user postgres: -bash-4.1$ tail -f postgresql-2013-04-26_000000.log 2013-04-26 20:08:16.605 IST-13943-postgres-postgres-[local] LOG: pam_authenticate failed: Conversation error 2013-04-26 20:08:16.606 IST-13943-postgres-postgres-[local] FATAL: PAM authentication failed for user "postgres" 2013-04-26 20:08:16.606 IST-13943-postgres-postgres-[local] LOG: could not send data to client: Broken pipe In OS logs(/var/log/secure) Apr 26 20:11:03 localhost res [local] authentication: pam_unix(postgresql:auth): conversation failed Apr 26 20:11:03 localhost res [local] authentication: pam_unix(postgresql:auth): auth could not identify password for [postgres] I have not entered password in session 1 which was waiting for my password to enter, but logs are printed beforehand in both logs (OS/DB) as you see in session 2. When, I enter password in session 1 which was waiting for password, it will immediately takes me into the database without any error. Couple of question's in mind on this scenario: 1. Why database server logs shows lines beforehand as pam_authentication failed even though I have not typed password ? 2. Though logs show as PAM authentication failed, still user's are allowed into the database ? 3. What above log entries mean precisely ? 4. Was my PAM setup successful ? Sorry for my too many questions, I just lost all of my endeavors to understand the above scenario. Any help will be highly appreciated. Thanks in advance. --- Regards, Raghavendra
