How to setup PostgreSQL to work with libpam-pgsql/libnss-pgsql2?

Started by PMC OS, over 15 years ago, 6 messages, general
#1 PMC OS
pmcos-support@freenet.de

Hello,

I am new to Linux and have set up 6 computers with Debian:

1) 2 Workstations
2) 2 Intranet Servers
3) PostgreSQL Server
4) Router

The two intranet servers are now working with NFSv4/TCP, Apache2 with suphp and php5, courier-imap/mta/mlm.

My router is working too and uses IPT, bind9 and apache2 with mod_proxy forwarding traffic to the two intranet servers.

Also the workstations are working fine.

Now I would like to switch the authentication to libpam-pgsql/libnss-pgsql2, but I hit a problem with PostgreSQL, because it refuses any connections from the network.

I have setup in the postgresql.conf

listen_addresses = '192.168.0.3'

and in the pg_hba.conf

local all postgres ident sameuser
host system root 192.168.0.0/24 md5

now restarted postgresql and "system" with the psql commandline tool. Then imported the SQL Scheme from libpam-pgsql.

OK, now on a workstation I installed libpam-pgsql and libnss-pgsql2, left a terminal open to revert the PAM/NSS files if something goes wrong, and set up the files

/etc/pam.d/common-account
/etc/pam.d/common-auth
/etc/pam.d/common-password

to use the PostgreSQL database and now I was XXXX! Nothing is working anymore. I cannot even connect to the PostgreSQL server.

Can someone please tell me how to set up PostgreSQL so I can use it with libpam-pgsql and libnss-pgsql2?

Thanks
PCMOS


#2 PMC OS
pmcos-support@freenet.de
In reply to: PMC OS (#1)
Re: How to setup PostgreSQL to work with libpam-pgsql/libnss-pgsql2?

OK, now I can connect to the PostgreSQL Server but it is weird...

-----Original Message-----
and in the pg_hba.conf
local all postgres ident sameuser
host system root 192.168.0.0/24 md5

I can not use "root" as the owner of the database...

Now I have created a user named "system" and changed from "root" to "system"; it is now working.

Can someone tell me the command line, how to restrict the access to DB "system" to user "system" only?

Thanks
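
An added example, not part of the original thread: pg_hba.conf is read top to bottom, the first record that matches connection type, database, user and client address decides the authentication method, and a connection that matches no record is refused. The sketch below evaluates the two records from the posts (with "root" changed to "system") to check who can reach the "system" database; the names `parse_hba` and `match` are hypothetical, and only `local`/`host` records with CIDR addresses and literal names or `all` are handled.

```python
import ipaddress

# pg_hba.conf as the thread describes it once "root" was replaced by "system"
# (constructed from the two records quoted in the posts).
PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   ident sameuser
host    system    system    192.168.0.0/24   md5
"""

def parse_hba(text):
    """Parse 'local' and 'host' records; addresses must be in CIDR form."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            db, user, method = fields[1:4]
            net = None
        elif fields[0] == "host":
            db, user, addr, method = fields[1:5]
            net = ipaddress.ip_network(addr)
        else:
            raise ValueError("unsupported record type: " + fields[0])
        rules.append((fields[0], db.split(","), user.split(","), net, method))
    return rules

def match(rules, conn, db, user, addr=None):
    """Return the auth method of the first matching record, or None if rejected."""
    for rtype, dbs, users, net, method in rules:
        if rtype != conn:
            continue
        if net is not None and ipaddress.ip_address(addr) not in net:
            continue
        if ("all" in dbs or db in dbs) and ("all" in users or user in users):
            return method
    return None  # no record matched: the server refuses the connection

if __name__ == "__main__":
    rules = parse_hba(PG_HBA)
    for attempt in [("host", "system", "system", "192.168.0.10"),
                    ("host", "system", "root", "192.168.0.10"),
                    ("host", "postgres", "system", "192.168.0.10"),
                    ("local", "system", "postgres", None)]:
        print(attempt, "->", match(rules, *attempt))
```

pg_hba.conf only decides who may connect and how they authenticate; the CONNECT privilege on the database inside the server is a separate control.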


#3 Craig Ringer
craig@2ndquadrant.com
In reply to: PMC OS (#1)
Re: How to setup PostgreSQL to work with libpam-pgsql/libnss-pgsql2?

On 25/08/2010 3:02 AM, PMC OS wrote:

I am new to Linux

[snip]

Now I like to switch with the authentication to libpam-pgsql/libnss-pgsql2

Honestly, in most cases you'll be much better off managing
authentication with LDAP. It's a better design for the nature of
authentication and user data management, where it has to handle lots of
small read queries and only very rare writes. It also has better
replication.

Even if you're not using Samba, the smbldap-tools provide handy commands
to manage users in the LDAP directory, and the debian ldap-auth-client
package provides a convenient way to configure a client to authenticate
against the directory.

Initial setup takes a little learning, but is well worth it.

If you later find that you need to store user data in a relational
database for some reason, you can even configure slapd to use the
database as a backend, so you're using PostgreSQL behind the scenes but
your clients still talk LDAP. I've never found the need, though; I run
the network at the business I'm sysadmin at with pure LDAP
authentication (slapd, Berkeley DB backend) quite happily.

to use the PostgreSQL database and now I was XXXX! nothing is working anymore. I can not even connect to the PostgreSQL server.

Even via "psql -h 192.168.0.3" ?

Can you ping it?

If you run "ps aux | grep postgres" on the server, are there any
postgresql processes running?

If you run "psql" on the server, can it connect? If not, what's the
error message?

If you look at /var/log/postgresql on the server, what are the last few
lines in the logs?

--
Craig Ringer

#4 PMC OS
pmcos-support@freenet.de
In reply to: Craig Ringer (#3)
Re: How to setup PostgreSQL to work with libpam-pgsql/libnss-pgsql2?

Good morning,

-----Original Message-----
From: Craig Ringer
Honestly, in most cases you'll be much better off managing
authentication with LDAP. It's a better design for the nature of
authentication and user data management, where it has to handle lots of
small read queries and only very rare writes. It also has better
replication.

We are only 20 persons in total and do not have the need to handle several 100 or 1000 requests in a short time.

Also since we do much more with the database we need it anyway and LDAP would get its data from PostgreSQL... because I do not like to maintain two systems at once which can do the same job.

Have now installed slapd on my OMAP L138 but now it has crashed the kernel and I can no longer boot the server because it wants to init slapd and crashes.

Even if you're not using Samba, the smbldap-tools provide handy commands
to manage users in the LDAP directory,

How does this manage the user accounts and their homes?
It does not seem to create $HOME and copy the files from /etc/skel which I have already prepared...

and the debian ldap-auth-client
package provides a convenient way to configure a client to authenticate
against the directory.

I have not found this package

apt-cache show ldap-auth-client
W: Kann Paket ldap-auth-client nicht finden
E: Keine Pakete gefunden

Even via "psql -h 192.168.0.3" ?

Now it works... (see other mail) I was not able to connect as "root" and had to create another user "system" and now I can connect

Have a nice day


#5 Craig Ringer
craig@2ndquadrant.com
In reply to: PMC OS (#4)
Re: How to setup PostgreSQL to work with libpam-pgsql/libnss-pgsql2?

On 25/08/10 14:18, PMC OS wrote:

Good morning,

-----Original Message-----
From: Craig Ringer
Honestly, in most cases you'll be much better off managing
authentication with LDAP. It's a better design for the nature of
authentication and user data management, where it has to handle lots of
small read queries and only very rare writes. It also has better
replication.

We are only 20 persons in total and do not have the need to handle several 100 or 1000 requests in a short time.

Also since we do much more with the database we need it anyway and LDAP would get its data from PostgreSQL... because I do not like to maintain two systems at once which can do the same job.

Well, fair enough then. Personally with that many people I'd certainly
want to use LDAP (for lower response latencies if nothing else), but
each to their own.

You'll probably want to use nscd on the client machine(s) to take some
of the load off Pg.

Have now installed slapd on my OMAP L138 but now it has crashed the kernel and I can no longer boot the server because it wants to init slapd and crashes.

That's ... surprising.

Kernel panic? Or is it just that slapd is crashing?

How does this manage the user accounts and their homes?
It does not seem to create $HOME and copy the files from /etc/skel which I have already prepared...

Most likely the same way you'll be doing it with pam auth against
postgresql: pam_mkhomedir. It has a decent man page.

I have not found this package

apt-cache show ldap-auth-client
W: Kann Paket ldap-auth-client nicht finden
E: Keine Pakete gefunden

My bad. Looks like it's an Ubuntu extension, just a metapackage that
pulls in libnss-ldap and libpam-ldap and provides a bit of config
support for them.

--
Craig Ringer

Tech-related writing: http://soapyfrogs.blogspot.com/

#6 PMC OS
pmcos-support@freenet.de
In reply to: Craig Ringer (#5)
Re: How to setup PostgreSQL to work with libpam-pgsql/libnss-pgsql2?

Good evening,

-----Original Message-----
From: Craig Ringer

Have now installed slapd on my OMAP L138 but now it has crashed the
kernel and I can no longer boot the server because it wants to init
slapd and crashes.

That's ... surprising.
Kernel panic? Or is it just that slapd is crashing?

First PostgreSQL is started and then it tries to start slapd and the whole system panics. I have the problem with several programs which want run on ARMEL architecture even if they are compiled for it.

I use the Debian standard distribution Lenny and Squeeze but I am ongoing to recompile the whole system for EmDebian if my Shiva-Plug

apt-cache show ldap-auth-client
W: Kann Paket ldap-auth-client nicht finden
E: Keine Pakete gefunden

My bad. Looks like it's an Ubuntu extension, just a metapackage that
pulls in libnss-ldap and libpam-ldap and provides a bit of config
support for them.

:-/

Greetings
