CentOS 4.4 which means postgresql-server-7.4.13-2.RHEL4.1

I'm starting to deal with the notion of allowing other users access
(read only) to a db.

Experimenting on my own db...

host    all     main_user   trust
host    all     all    trust
host    all     craig  pam

because I want to use LDAP authentication via pam.

logs say...
Nov  8 20:18:26 srv1 postgresql: Starting postgresql service:  succeeded
Nov  8 20:18:39 srv1 postgres[21020]: PAM audit_open() failed:
Permission denied
Nov  8 20:18:39 srv1 postgres[21020]: [2-1] LOG:  pam_authenticate
failed: System error
Nov  8 20:18:39 srv1 postgres[21020]: [3-1] FATAL:  PAM authentication
failed for user "craig"

Below is pam info - if anyone can tell me how I might configure this so
I can authenticate via LDAP I would appreciate it.


# cat /etc/pam.d/postgresql
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so

which was cribbed from /etc/pam.d/sshd

# cat /etc/pam.d/system-auth
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so broken_shadow
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100
account     [default=bad success=ok
user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
account     required      /lib/security/$ISA/pam_permit.so

password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    sufficient    /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to