
Re: [LUG] Debian pam-pgsql

 

Benjamin A'Lee wrote:
>
> password = longwindedandhardtorememberobscurequotation

Hehe -- That'll be "so long and thanks for all the fish" then ;)

> CREATE TABLE "usergroups" ("gid" int4 NOT NULL,"uid" int4 NOT NULL,
> PRIMARY KEY ("gid", "uid"),CONSTRAINT "ug_gid_fkey" FOREIGN KEY ("gid")
> REFERENCES "groups"("gid"),CONSTRAINT "ug_uid_fkey" FOREIGN KEY ("uid")
> REFERENCES "accounts"("uid"));

Creating the usergroups fails in recent versions of Postgres because you
can only reference a unique field, and "uid" in accounts is not unique.

"gid" is okay as it is a primary key.

I assume you got this table to create somehow? I added "unique" to the
UID definition.

> Passwords are cleartext for the moment.

Okay - that's the default for pgsql so that is easiest to start with.

> Testing; I'd rather not put unstable on it if I can help it since I
> don't want to be walking down to the uni to reboot it every five minutes.

No idea why you think unstable is less stable... methinks you are
confusing labels, but it shouldn't be necessary, apart from the Postgres
level this should work in stable as well.

I installed the libnss-pgsql1 package in unstable, configured the pam
files as you documented in the first post, and the nsswitch.conf and
nss-pgsql.conf file as per the Debian examples in
/usr/share/doc/libnss-pgsql1/examples

I can authenticate as user ben (uid 1, gid 1) from the Postgres
database, and log in as "ben".

But I can't authenticate as a local user, and /var/log/auth is
complaining bitterly about "try_authtok" for pam_unix.so. And pwdexpired.

pwdexpired is because the database and the example pam_pgsql.conf
disagree on the name. Not sure on the "try_authtok" error here.

This behaviour appears to be different from what you are seeing, so I
assume you probably have a typo in one of the config files preventing
things getting this far, or trouble with compiling the libnss-pgsql1
package (can you pin/grab it from sid instead of a source build, or are
the dependencies too messy?)

I've now undone the config this end, as having local users broken was
doing untold harm, not that there is much important on the box. But I
guess shout once you get to being able to log in as a PGSQL user, and we
can ponder the subtleties of PAM separately.



--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html
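
The foreign-key failure described in the message above, and the UNIQUE fix, as an added example that is not part of the original post. The "usergroups" statement is the one quoted in the thread; the column definitions for "accounts" and "groups" and the constraint name "accounts_uid_key" are assumptions, since the message does not show them.

```sql
-- Assumed minimal definitions: the real "groups" and "accounts" tables
-- are not shown in this message.
CREATE TABLE "groups" (
    "gid"  int4 NOT NULL PRIMARY KEY,
    "name" varchar(32) NOT NULL
);

CREATE TABLE "accounts" (
    "login" varchar(32) NOT NULL PRIMARY KEY,
    "uid"   int4 NOT NULL        -- not unique, so not a valid FK target
);

-- Fails at this point with:
--   ERROR: there is no unique constraint matching given keys
--          for referenced table "accounts"
CREATE TABLE "usergroups" ("gid" int4 NOT NULL, "uid" int4 NOT NULL,
    PRIMARY KEY ("gid", "uid"),
    CONSTRAINT "ug_gid_fkey" FOREIGN KEY ("gid") REFERENCES "groups"("gid"),
    CONSTRAINT "ug_uid_fkey" FOREIGN KEY ("uid") REFERENCES "accounts"("uid"));

-- The fix from the message: make "uid" unique (constraint name is assumed).
ALTER TABLE "accounts"
    ADD CONSTRAINT "accounts_uid_key" UNIQUE ("uid");

-- The same statement now succeeds.
CREATE TABLE "usergroups" ("gid" int4 NOT NULL, "uid" int4 NOT NULL,
    PRIMARY KEY ("gid", "uid"),
    CONSTRAINT "ug_gid_fkey" FOREIGN KEY ("gid") REFERENCES "groups"("gid"),
    CONSTRAINT "ug_uid_fkey" FOREIGN KEY ("uid") REFERENCES "accounts"("uid"));

-- Constructed sample rows: the second INSERT is rejected with a
-- "duplicate key value violates unique constraint" error, so two logins
-- can no longer map to the same uid.
INSERT INTO "accounts" ("login", "uid") VALUES ('ben', 1);
INSERT INTO "accounts" ("login", "uid") VALUES ('other', 1);

-- Check which constraints exist on "accounts"
-- (contype: p = primary key, u = unique, f = foreign key).
SELECT conname, contype
FROM pg_constraint
WHERE conrelid = 'accounts'::regclass;
```

Because NSS and PAM treat the uid as the identity, the UNIQUE constraint also keeps a stray row in the database from aliasing an existing account's uid.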