This is a discussion on PAM ldap within the pgsql Admins forums, part of the PostgreSQL category.
Hi,

I'm running postgresql 8.0.rc5 on SUSE.
I have the pg_hba.conf file configured with

    local all smith ident sameuser
    host all smith ident sameuser

The way authentication works with that configuration is that if I'm logged in as smith with my company ldap server I can get in, but if I'm not directly logged in as smith, I can't get in. Having the word pam in this file at all causes an error. I'd like to use pam so postgres could do its own ldap/pam lookups, but I keep getting an error that it doesn't know what pam is. I see in the logs that the pam server starts, but I still get an error.

With pam listed I get the red X.

    An error has occured.
    Error connecting to the server: FATAL: missing or erroneous pg_hba.conf
    HINT: See server log for details.

See server log details below. What's wrong with the syntax of my pg_hba.conf file? I've tried pam in all caps, adding postgresql after pam and adding pg_hba.conf after pam in pg_hba.conf, none of which helps.

Thanks for any tips. It's harder to play once these systems hit production.

serverlog

    LOG: database system was shut down at 2005-01-14 13:34:47 EST
    LOG: checkpoint record is at 0/AEA370
    LOG: redo record is at 0/AEA370; undo record is at 0/0; shutdown TRUE
    LOG: next transaction ID: 628; next OID: 17232
    LOG: database system is ready
    LOG: invalid entry in file "/sqldata/Linux.pgsql/tarpon5432/pg_hba.conf" at line 66, token "pam"
    FATAL: missing or erroneous pg_hba.conf file
    HINT: See server log for details.

/var/log/messages

    Jan 14 13:37:23 tarpon su: (to root) postgres on /dev/pts/0
    Jan 14 13:37:23 tarpon su: pam_unix2: session started for user root, service su

/etc/pam.d/postgresql

    auth required pam_unix2.so nullok
    account required pam_unix2.so

D.J. Kavan

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster
* Kavan, Dan (IMS) <KavanD@imsweb.com> [0149 18:49]:
>
> Hi, I'm running postgresql 8.0.rc5 on SUSE.
> I have the pg_hba.conf file configured with
> local all smith ident sameuser
> host all smith ident sameuser
>
> The way authentication works with that configuration is that if
> I'm logged in as smith with my company ldap server I can get in, but if
> I'm not directly logged in as smith, I can't get in. Having the word
> pam in this file at all causes an error. I'd like to use pam so
> postgres could do its own ldap/pam lookups, but I keep getting an error
> that it doesn't know what pam is. I see in the logs that the pam server
> starts, but I still get an error.

You didn't show the broken config, but assuming it's something like

    # TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD
    hostssl all all 127.0.0.1 255.255.255.255 pam

then perhaps you don't have pam support built into postgres?

> /etc/pam.d/postgresql
> auth required pam_unix2.so nullok
> account required pam_unix2.so

This is going to do unix auth, obviously, so you'll need to s/unix/ldap/ on that...

--
'You may need to metaphorically make a deal with the devil. By 'devil' I mean robot devil and by 'metaphorically' I mean get your coat.' -- Bender

Rasputin :: Jack of All Trades - Master of Nuns
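The two checks the reply points to (was the server built with PAM, and which modules the PAM service file actually uses), as an added example that is not part of the original thread. The function names are hypothetical, the sample files are constructed from the ones quoted above, and the first argument to `triage` is assumed to be the output of `pg_config --configure`.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# Succeeds if the build options, as printed by `pg_config --configure`,
# include --with-pam.
has_pam_support() {
    case "$1" in *--with-pam*) return 0 ;; *) return 1 ;; esac
}

# Prints "LINENO:ENTRY" for each active pg_hba.conf entry that has "pam"
# in its 4th field or later (i.e. after the database and user columns).
pam_hba_lines() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { for (i = 4; i <= NF; i++)
               if ($i == "pam") { print NR ":" $0; break } }' "$1"
}

# Prints "TYPE:MODULE" for the auth and account lines of a PAM service file.
pam_service_modules() {
    awk '$1 == "auth" || $1 == "account" { print $1 ":" $3 }' "$1"
}

# usage: triage CONFIGURE_STRING HBA_FILE PAM_SERVICE_FILE
# Returns 1 when pg_hba.conf asks for pam but the build options lack it.
triage() {
    hits=$(pam_hba_lines "$2")
    [ -n "$hits" ] || { echo "no pam entries in $2"; return 0; }
    echo "pam entries: $hits"
    mods=$(pam_service_modules "$3" | tr '\n' ' ')
    echo "PAM stack: $mods"
    case "$mods" in
        *ldap*) ;;
        *) echo "PAM stack names no ldap module (the reply's s/unix/ldap/)" ;;
    esac
    has_pam_support "$1" && { echo "build has --with-pam"; return 0; }
    echo "build lacks --with-pam (the cause the reply suggests)"
    return 1
}

# Constructed demo input, modelled on the files quoted in the thread.
demo_dir=$(mktemp -d)
printf '%s\n' '# TYPE DATABASE USER IP-ADDRESS IP-MASK METHOD' \
    'local all smith ident sameuser' \
    'hostssl all all 127.0.0.1 255.255.255.255 pam' > "$demo_dir/pg_hba.conf"
printf '%s\n' 'auth required pam_unix2.so nullok' \
    'account required pam_unix2.so' > "$demo_dir/postgresql"

triage "'--prefix=/usr' '--with-openssl'" \
    "$demo_dir/pg_hba.conf" "$demo_dir/postgresql" || true
```

On a real host the call would be `triage "$(pg_config --configure)" /path/to/pg_hba.conf /etc/pam.d/postgresql`.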