PostgreSQL pam ldap document
All,
I visited #postgresql @ FreeNode and asked about how to make pg use pam
about a week ago (specifically I wanted to auth against LDAP). I was
told to figure it out and write a doc...
Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
Please review for accuracy and/or proofreading.
Thanks,
Adrian
Adrian Nida wrote:
All,
I visited #postgresql @ FreeNode and asked about how to make pg use pam
about a week ago (specifically I wanted to auth against LDAP). I was
told to figure it out and write a doc...
Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
Please review for accuracy and/or proofreading.
I get a "not exists" error on that URL.
I assume you looked at:
http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
Do you have additions to it?
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
On Fri, Mar 11, 2005 at 11:42:53AM -0500, Bruce Momjian wrote:
Adrian Nida wrote:
All,
I visited #postgresql @ FreeNode and asked about how to make pg use pam
about a week ago (specifically I wanted to auth against LDAP). I was
told to figure it out and write a doc...
Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
Please review for accuracy and/or proofreading.
I get a "not exists" error on that URL.
http://itc.musc.edu/wiki/PostgreSQL
(only 4 capital letters) works.
I assume you looked at:
http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
Do you have additions to it?
'pears so :)
Cheers,
D
--
David Fetter david@fetter.org http://fetter.org/
phone: +1 510 893 6100 mobile: +1 415 235 3778
Remember to vote!
<Snip/>
Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
<Snip/>
I get a "not exists" error on that URL.
Sorry, I renamed the URL after someone pointed out the correct spelling.
This was a link to the old one. I apologize for the confusion, the
right URL is:
http://itc.musc.edu/wiki/PostgreSQL
I assume you looked at:
http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
Do you have additions to it?
Yes, I did look at it. No offense to the original author, but my doc
has a lot more than the four sentences that are there. I was hoping it
would help others in my situation. Again any and all
comments/questions/blah are appreciated.
Thanks,
Adrian
* Adrian Nida <nida@musc.edu> [0307 18:07]:
<Snip/>
Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
<Snip/>
I get a "not exists" error on that URL.
Sorry, I renamed the URL after someone pointed out the correct spelling.
This was a link to the old one. I apologize for the confusion, the
right URL is:
http://itc.musc.edu/wiki/PostgreSQL
I assume you looked at:
http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
Do you have additions to it?
Yes, I did look at it. No offense to the original author, but my doc
has a lot more than the four sentences that are there. I was hoping it
would help others in my situation. Again any and all
comments/questions/blah are appreciated.
I think the point he's trying to make is that most of your howto is
how to set up pg_hba.conf (which is in the docs anyway) and how to set up pam_ldap
for a service (which is really a pam howto).
It'd be nice if the docs at
http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
said
'you need to createuser(8) a postgres user too. PAM is only used to
validate a username/password pair - the user has to exist in postgres as well.'
and it will, once it updates :)
--
'When the door hits you in the ass on the way out, clean off the smudge
your ass leaves, please'
-- Alien loves Predator
Rasputin :: Jack of All Trades - Master of Nuns
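The point made in the message above, worked as an added example (not part of the original thread and not PostgreSQL code): it reads an 8.0-style pg_hba.conf, finds the pam records and their service names, and lists directory accounts that would pass PAM but still be refused because no database user exists. The sample file, account names and function names are constructed for illustration; quoted names, +group and @file entries are not handled.

```python
# Added example. Assumes the PostgreSQL 8.0 pg_hba.conf layout, where an
# optional PAM service name follows the "pam" key word and the default
# service name is "postgresql".
METHODS = {"trust", "reject", "md5", "crypt", "password",
           "krb4", "krb5", "ident", "pam"}
DEFAULT_PAM_SERVICE = "postgresql"

# Constructed sample input, not taken from any real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER   CIDR-ADDRESS     METHOD
local   all       all                     ident sameuser
host    all       all    10.0.0.0/8       pam
host    reports   carol  192.168.1.0/24   pam  pg-ldap
"""

def pam_rules(hba_text):
    """Return (conn_type, database, user, pam_service) for each pam record."""
    rules = []
    for raw in hba_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue
        # Fields 0-2 are type, database, user. The method is the first known
        # method name after them (host records carry an address first).
        idx = next((i for i in range(3, len(fields)) if fields[i] in METHODS), None)
        if idx is None or fields[idx] != "pam":
            continue
        service = fields[idx + 1] if idx + 1 < len(fields) else DEFAULT_PAM_SERVICE
        rules.append((fields[0], fields[1], fields[2], service))
    return rules

def rejected_despite_pam(hba_text, directory_users, pg_users):
    """Directory accounts covered by a pam record but lacking a database user.

    PAM only validates the username/password pair, so these logins fail
    until the user is created in PostgreSQL (CREATE USER / createuser).
    """
    directory = set(directory_users)
    covered = set()
    for _type, _db, user_field, _service in pam_rules(hba_text):
        names = set(user_field.split(","))
        if "all" in names:
            covered |= directory
        else:
            covered |= names & directory
    return sorted(covered - set(pg_users))
```
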
Addition added to PAM documentation. Patch attached and will appear in
8.0.3.
---------------------------------------------------------------------------
Dick Davies wrote:
* Adrian Nida <nida@musc.edu> [0307 18:07]:
<Snip/>
Here is my attempt at doing so: http://itc.musc.edu/wiki/PostGreSQL
<Snip/>
I get a "not exists" error on that URL.
Sorry, I renamed the URL after someone pointed out the correct spelling.
This was a link to the old one. I apologize for the confusion, the
right URL is:
http://itc.musc.edu/wiki/PostgreSQL
I assume you looked at:
http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
Do you have additions to it?
Yes, I did look at it. No offense to the original author, but my doc
has a lot more than the four sentences that are there. I was hoping it
would help others in my situation. Again any and all
comments/questions/blah are appreciated.
I think the point he's trying to make is that most of your howto is
how to set up pg_hba.conf (which is in the docs anyway) and how to set up pam_ldap
for a service (which is really a pam howto).
It'd be nice if the docs at
http://www.postgresql.org/docs/8.0/interactive/auth-methods.html#AUTH-PAM
said
'you need to createuser(8) a postgres user too. PAM is only used to
validate a username/password pair - the user has to exist in postgres as well.'
and it will, once it updates :)
--
'When the door hits you in the ass on the way out, clean off the smudge
your ass leaves, please'
-- Alien loves Predator
Rasputin :: Jack of All Trades - Master of Nuns
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
Attachment: /bjm/diff (text/plain)
Index: doc/src/sgml/client-auth.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v
retrieving revision 1.76
diff -c -c -r1.76 client-auth.sgml
*** doc/src/sgml/client-auth.sgml 22 Apr 2005 04:18:58 -0000 1.76
--- doc/src/sgml/client-auth.sgml 26 Apr 2005 02:50:34 -0000
***************
*** 883,890 ****
default PAM service name is <literal>postgresql</literal>. You can
optionally supply your own service name after the <literal>pam</>
key word in the file <filename>pg_hba.conf</filename>.
! For more information about PAM, please read the
! <ulink url="http://www.kernel.org/pub/linux/libs/pam/">
<productname>Linux-PAM</> Page</ulink>
and the <ulink url="http://www.sun.com/software/solaris/pam/">
<systemitem class="osname">Solaris</> PAM Page</ulink>.
--- 883,892 ----
default PAM service name is <literal>postgresql</literal>. You can
optionally supply your own service name after the <literal>pam</>
key word in the file <filename>pg_hba.conf</filename>.
! PAM is used only to validate username/password pairs.
! The user must already exist in the database before PAM
! can be used for authentication. For more information about
! PAM, please read the <ulink url="http://www.kernel.org/pub/linux/libs/pam/">
<productname>Linux-PAM</> Page</ulink>
and the <ulink url="http://www.sun.com/software/solaris/pam/">
<systemitem class="osname">Solaris</> PAM Page</ulink>.
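Review bot: In the new text (lines 883-892), "The user must already exist in the database" does not say how the user gets there, and a reader coming from an LDAP or PAM setup may still assume PAM provisions it. Consider wording it as "database user" and pointing to CREATE USER or createuser, which is what the thread asked for. The reflowed line "PAM, please read the <ulink url=...>" also runs well past the width of the lines around it; breaking before <ulink>, as the old text did, would keep the SGML source consistent.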