pam_pgsql.so, no joy :(
Almir Karic
redduck666 at gmail.com
Thu Mar 29 01:52:59 UTC 2007
##content of the pgsql table in question
vm06 03:50:58 ~ $ psql system
Welcome to psql 8.1.8, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
system=> select * from users;
 username |  id  |  pw   | a
----------+------+-------+---
 rd666    | 2000 | almir | 0
(1 row)
system=>
###/etc/pam_pgsql.conf
database = system
user = redduck666
table = users
user_column = username
pwd_column = pw
#expired_column = a
#newtok_column = a
debug
pw_type = clear
##auth.log
Mar 29 03:52:22 chat sshd[5692]: Invalid user rd666 from 195.246.11.18
Mar 29 03:52:22 chat sshd[5692]: Failed none for invalid user rd666 from 195.246.11.18 port 62194 ssh2
Mar 29 03:52:24 chat PAM_pgsql[5692]: setting option: pw_type=>clear
Mar 29 03:52:24 chat PAM_pgsql[5692]: attempting to authenticate: rd666
Mar 29 03:52:24 chat PAM_pgsql[5692]: rd666
Mar 29 03:52:24 chat PAM_pgsql[5692]: query: SELECT pw FROM users WHERE username='rd666'
Mar 29 03:52:24 chat sshd[5692]: (pam_unix) check pass; user unknown
Mar 29 03:52:24 chat sshd[5692]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.246.11.18
Mar 29 03:52:26 chat sshd[5692]: Failed password for invalid user rd666 from 195.246.11.18 port 62194 ssh2
The SQL query actually makes it to the pgsql server, as I can see
''2007-03-29 03:52:24 CEST STATEMENT: SELECT pw FROM users WHERE
username='rd666''' in the pgsql logs.
###/etc/pam.d/common-*
vm06 03:54:44 pam.d $ grep -v '^#\|^$' common-*
common-account:account sufficient pam_pgsql.so
common-account:account required pam_unix.so
common-auth:auth sufficient pam_pgsql.so
common-auth:auth required pam_unix.so nullok_secure
common-password:password sufficient pam_pgsql.so
common-password:password required pam_unix.so nullok obscure min=4 max=8 md5
common-session:session required pam_unix.so
Any ideas how I can make pam (and ssh with it) authorize through pam?
--
almir