[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Sat, 2006-03-04 at 22:34 +0000, Simon Waters wrote:
> Benjamin A'Lee wrote:
> Can you not debug using "login" rather than ssh, as ssh adds a whole
> load of extra complexity (although it has good debug options). I'm
> thinking it could be something other than just the authentication.
I was trying to avoid it as the KVM is very dodgy (then again, so is the
network).
> > Any suggestions?
>
> Post /etc/pam_pgsql.conf (less secrets)
database = system
user = system
table = system
password = longwindedandhardtorememberobscurequotation
user_column = login
pwd_column = passwd
expired_column = enabled
newtok_column = pwdexpired
> Post database layout, is password encrypted or clear, and if encrypted how.
This is mostly just the example from the libnss-pgsql package:
CREATE TABLE "groups" ("gid" serial NOT NULL,"name" character
varying(16) NOT NULL, "descr" character varying, "passwd" character
varying(20),PRIMARY KEY ("gid"));
CREATE TABLE "accounts" ("uid" serial NOT NULL,"login" character
varying(8) NOT NULL,"passwd" character varying(30) NOT NULL,"shell"
character varying DEFAULT '/bin/bash' NOT NULL,"homedir" character
varying NOT NULL,"pwdexpire" timestamp,"enabled" bool DEFAULT 't' NOT
NULL, PRIMARY KEY ("uid"));
CREATE TABLE "usergroups" ("gid" int4 NOT NULL,"uid" int4 NOT NULL,
PRIMARY KEY ("gid", "uid"),CONSTRAINT "ug_gid_fkey" FOREIGN KEY ("gid")
REFERENCES "groups"("gid"),CONSTRAINT "ug_uid_fkey" FOREIGN KEY ("uid")
REFERENCES "accounts"("uid"));
Passwords are cleartext for the moment.
> I use the pgsql for email authentication only, so not that experienced,
> but happy to try this out locally, I assume you are using "sid" or
> "testing" if it is Postgres 8?
Testing; I'd rather not put unstable on it if I can help it since I
don't want to be waling down to the uni to reboot it every five minutes.
ben
--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html