I'm trying to set up my DB to authenticate against a PAM back-end (in
this case just a plain old local password DB).
Here's my configuration as it currently stands:
positionwhile[pg]% grep pam /var/lib/pgsql/metadata/pg_hba.conf
# "krb4", "krb5", "ident", or "pam". Note that "password" sends
local authtest all pam
positionwhile[pg]% more /etc/pam.d/postgresql
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
The system is a CentOS 4.4 box, and I'm running PostgreSQL 8.0.6.
When I test the core pam functionality using pamtester, I get the
positionwhile[pamtester-0.1.2]% src/pamtester -v postgresql
pamtester: invoking pam_start(postgresql, mporwit, ...)
pamtester: performing operation - authenticate
pamtester: successfully authenticated
Looks like a success to me.
However, when I try to get psql to do password authentication, I get the
positionwhile[postgresql-8.0.13]% psql authtest
psql: FATAL: PAM authentication failed for user "mporwit"
And this shows up in my logs:
LOG: connection received: host=[local] port=
DEBUG: forked new backend, pid=1430 socket=11
DEBUG: received password packet
LOG: pam_authenticate failed: Authentication failure
FATAL: PAM authentication failed for user "mporwit"
DEBUG: reaping dead processes
DEBUG: server process (PID 1430) exited with exit code 0
Any insight here would be appreciated. Are there any other tweaks I may
mporwit [AT] yahoo-inc [DOT] com