dbTalk Databases Forums  

[NOVICE] PAM auth?

#1 Michael W. Lucas
[NOVICE] PAM auth? - 06-07-2012, 02:03 PM

Hi,

I'm running 9.1.2 on FreeBSD 9, installed via OS vendor package, and
trying to get PAM auth to work.

From what I've read, this should be as simple as the following
/usr/local/share/postgres/pg_hba.conf:

host all all 0.0.0.0/0 pam postgresql
local all all 0.0.0.0/0 pam postgresql

(I'm using my firewall for access control.)

After restarting postgresql, users are still not being prompted for
passwords. Here's my /usr/local/etc/pam.d/postgresql file:

auth sufficient /usr/local/lib/pam_ldap.so no_warn
auth required pam_unix.so no_warn try_first_pass nullok
account include system
session include system
password include system

Hoping to see some auth debugging, I set log_min_messages and
client_min_messages to debug5. Syslog sends local0 to
/var/log/postgres, but nothing on auth appears.

Any suggestions on how I can debug postgres authentication? Or am I
looking in the completely wrong place?

Thanks for any advice,
==ml

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
mwlucas (AT) BlackHelicopters (DOT) org, Twitter @mwlauthor

--
Sent via pgsql-novice mailing list (pgsql-novice (AT) postgresql (DOT) org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-novice

#2 Tom Lane
Re: [NOVICE] PAM auth? - 06-07-2012, 02:17 PM

"Michael W. Lucas" <mwlucas (AT) blackhelicopters (DOT) org> writes:
> I'm running 9.1.2 on FreeBSD 9, installed via OS vendor package, and
> trying to get PAM auth to work.
>
> From what I've read, this should be as simple as the following
> /usr/local/share/postgres/pg_hba.conf:

Um ... that is not where the pg_hba.conf file should go, in any standard
configuration. Try putting it in your $PGDATA directory. (Actually I
think "show hba_file;" should tell you where the database thinks it
should be.)

> host all all 0.0.0.0/0 pam postgresql
> local all all 0.0.0.0/0 pam postgresql

I think the last field needs to read "pamservice=postgresql".

I'm not qualified to debug your pam configuration file, but from the
symptoms it sounds like the database isn't looking at it yet.

regards, tom lane
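
Added example (not part of the thread and not PostgreSQL project code): a small Python linter for two problems visible in the quoted pg_hba.conf records, an auth option that is not in name=value form (the point raised above) and an address field on a `local` record, which that record type does not take. The method list is the one documented for PostgreSQL 9.1; `lint_record`, `lint` and `SAMPLE` are hypothetical names, and the sample input is constructed from the quoted lines plus corrected forms.

```python
# Auth methods listed in the PostgreSQL 9.1 documentation (the version in the thread).
METHODS = {"trust", "reject", "md5", "password", "gss", "sspi", "krb5",
           "ident", "peer", "ldap", "radius", "cert", "pam"}
HOST_TYPES = {"host", "hostssl", "hostnossl"}

# Constructed sample: the two records from the question, then corrected forms.
SAMPLE = """\
host  all all 0.0.0.0/0 pam postgresql
local all all 0.0.0.0/0 pam postgresql
host  all all 0.0.0.0/0 pam pamservice=postgresql
local all all           pam pamservice=postgresql
"""

def lint_record(line):
    """Return the problems found in one pg_hba.conf record.

    Simplification (assumption of this example): fields are split on
    whitespace, so quoted values that contain spaces are not handled.
    """
    fields = line.split("#", 1)[0].split()
    if not fields:
        return []                      # blank line or comment
    rtype = fields[0]
    if rtype == "local":
        method_at = 3                  # local DATABASE USER METHOD [OPTIONS]
    elif rtype in HOST_TYPES:
        # host DATABASE USER ADDRESS METHOD, or ... IP-ADDRESS IP-MASK METHOD
        method_at = 4 if len(fields) > 4 and fields[4] in METHODS else 5
    else:
        return [f"unknown record type {rtype!r}"]
    if len(fields) <= method_at:
        return ["record has too few fields"]
    method = fields[method_at]
    if method not in METHODS:
        hint = " (local records take no address field)" if rtype == "local" else ""
        return [f"{method!r} is not an auth method{hint}"]
    # Everything after the method must be name=value, e.g. pamservice=postgresql.
    return [f"auth option {opt!r} is not in name=value form"
            for opt in fields[method_at + 1:]
            if "=" not in opt or opt.startswith("=")]

def lint(text):
    """Lint every record; return (line_number, problem) pairs."""
    return [(n, p) for n, line in enumerate(text.splitlines(), 1)
            for p in lint_record(line)]

if __name__ == "__main__":
    for n, problem in lint(SAMPLE):
        print(f"line {n}: {problem}")
```

Point it at the contents of the file that `show hba_file;` reports, since a file the server never reads cannot change its behaviour.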


#3 Matthew Seaman
Re: [NOVICE] PAM auth? - 06-07-2012, 02:58 PM

On 07/06/2012 20:03, Michael W. Lucas wrote:
> I'm running 9.1.2 on FreeBSD 9, installed via OS vendor package, and
> trying to get PAM auth to work.
>
> From what I've read, this should be as simple as the following
> /usr/local/share/postgres/pg_hba.conf:

Standard location on FreeBSD is /usr/local/pgsql/data/pg_hba.conf

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew (AT) infracaninophile (DOT) co.uk Kent, CT11 9PW





#4 Michael W. Lucas
Re: [NOVICE] PAM auth? - 06-08-2012, 11:09 AM

On Thu, Jun 07, 2012 at 08:58:21PM +0100, Matthew Seaman wrote:
> On 07/06/2012 20:03, Michael W. Lucas wrote:
>> I'm running 9.1.2 on FreeBSD 9, installed via OS vendor package, and
>> trying to get PAM auth to work.
>>
>> From what I've read, this should be as simple as the following
>> /usr/local/share/postgres/pg_hba.conf:
>
> Standard location on FreeBSD is /usr/local/pgsql/data/pg_hba.conf

I'm glad that this list is advertised as "no question too daft for
us!" Otherwise, I'd be deeply and thoroughly embarrassed.

Thanks, folks.

==ml
