pam_pgsql.so, no joy :(

Almir Karic redduck666 at gmail.com
Thu Mar 29 01:52:59 UTC 2007


##content of the pgsql table in question
vm06 03:50:58 ~ $ psql system
Welcome to psql 8.1.8, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit

system=> select * from users;
 username |  id  |  pw   | a
----------+------+-------+---
 rd666    | 2000 | almir | 0
(1 row)

system=>

###/etc/pam_pgsql.conf
database = system
user = redduck666
table = users
user_column = username
pwd_column = pw
#expired_column = a
#newtok_column = a
debug
pw_type = clear


##auth.log
Mar 29 03:52:22 chat sshd[5692]: Invalid user rd666 from 195.246.11.18
Mar 29 03:52:22 chat sshd[5692]: Failed none for invalid user rd666
from 195.246.11.18 port 62194 ssh2
Mar 29 03:52:24 chat PAM_pgsql[5692]: setting option: pw_type=>clear
Mar 29 03:52:24 chat PAM_pgsql[5692]: attempting to authenticate: rd666
Mar 29 03:52:24 chat PAM_pgsql[5692]: rd666
Mar 29 03:52:24 chat PAM_pgsql[5692]: query: SELECT pw FROM users
WHERE username='rd666'
Mar 29 03:52:24 chat sshd[5692]: (pam_unix) check pass; user unknown
Mar 29 03:52:24 chat sshd[5692]: (pam_unix) authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=195.246.11.18
Mar 29 03:52:26 chat sshd[5692]: Failed password for invalid user
rd666 from 195.246.11.18 port 62194 ssh2



the sql query actually makes it to pgsql server, as i can see
''2007-03-29 03:52:24 CEST STATEMENT:  SELECT pw FROM users WHERE
username='rd666''' in pgsql logs.



###/etc/pam.d/common-*
vm06 03:54:44 pam.d $ grep -v '^#\|^$' common-*
common-account:account sufficient      pam_pgsql.so
common-account:account  required        pam_unix.so
common-auth:auth    sufficient      pam_pgsql.so
common-auth:auth        required        pam_unix.so nullok_secure
common-password:password   sufficient pam_pgsql.so
common-password:password   required   pam_unix.so nullok obscure min=4 max=8 md5
common-session:session  required        pam_unix.so






any ideas how can i make pam (and ssh with it) authorize through pam?

-- 
almir



