[Pkg-postgresql-public] Bug#692480: pam-auth-config, lib(pam|nss)-ldapd broke again 'pam' authentication in postgres.
Marco Gaiarin
gaio at sv.lnf.it
Tue Nov 6 15:39:30 UTC 2012
Package: postgresql-common
Version: 113+squeeze1
An old issue come back, see:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217891
I've just migrated from lenny to squeeze (better later then ever... ;),
and so moved from lib(pam|nss)-ldap and custom /etc/pam.d/common-*
files to lib(pam|nss)-ldapd, nslcd and pam-auth-update.
After doing that, pam, auth does not work anymore in postgres, i got:
Nov 5 09:00:00 dixie unix_chkpwd[28119]: check pass; user unknown
Nov 5 09:00:00 dixie unix_chkpwd[28119]: password check failed for user (aleggi)
Nov 5 09:00:00 dixie .5.2.219(1308) authentication: pam_unix(postgresql:auth): authentication failure; logname= uid=110 euid=110 tty= ruser= rhost= user=aleggi
Nov 5 09:00:00 dixie unix_chkpwd[28120]: could not obtain user info (aleggi)
After fiddling a bit, i've created /etc/pam.d/postgresql with inside:
auth required pam_ldap.so minimum_uid=1000
account required pam_ldap.so minimum_uid=1000
password required pam_deny.so
session required pam_permit.so
I don't need/use /etc/(passwd|shadow) auth, so i've used only ldap, and
i've disabled session because i don't need session management in
postgres, and because the culprit seems to come from here.
Feel free to ask more feedback, it was a production server and so... i
need a quick fix. ;)
Thanks.
More information about the Pkg-postgresql-public
mailing list