public inbox for [email protected]  
From: Bruce Momjian <[email protected]>
To: Tom Lane <[email protected]>
Cc: PostgreSQL-documentation <[email protected]>
Cc: [email protected]
Subject: PAM documentation
Date: Wed, 27 Apr 2005 12:03:54 -0400 (EDT)
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>

Tom Lane wrote:
> [email protected] (Bruce Momjian) writes:
> > Mention that PAM requires the user already exist in the database, per
> > Dick Davies.
> 
> I don't recall exactly what Dick suggested, but the patch as applied
> seems like fairly useless verbiage.  Exactly which of our other auth
> methods allow users who *don't* exist in the database to log in?
> And why would anyone find it surprising that this does not happen?

Can someone comment if having to create the database user account to use
PAM is something that people forget?  Is there increased confusion
because PAM is usually used for the operating system usernames?

Attached is the addition I made to the docs recently.  Is it useful?

Here is the email that prompted the addition:

	http://archives.postgresql.org/pgsql-admin/2005-03/msg00189.php

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  [email protected]               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Attachments:

  [text/plain] /bjm/diff (1.5K):
Index: client-auth.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v
retrieving revision 1.76
retrieving revision 1.77
diff -c -c -r1.76 -r1.77
*** client-auth.sgml	22 Apr 2005 04:18:58 -0000	1.76
--- client-auth.sgml	26 Apr 2005 03:01:09 -0000	1.77
***************
*** 883,890 ****
      default PAM service name is <literal>postgresql</literal>. You can
      optionally supply your own service name after the <literal>pam</>
      key word in the file <filename>pg_hba.conf</filename>.
!     For more information about PAM, please read the
!     <ulink url="http://www.kernel.org/pub/linux/libs/pam/">
      <productname>Linux-PAM</> Page</ulink>
      and the <ulink url="http://www.sun.com/software/solaris/pam/">
      <systemitem class="osname">Solaris</> PAM Page</ulink>.
--- 883,892 ----
      default PAM service name is <literal>postgresql</literal>. You can
      optionally supply your own service name after the <literal>pam</>
      key word in the file <filename>pg_hba.conf</filename>.
!     PAM is used only to validate username/password pairs.
!     The user must already exist in the database before PAM
!     can be used for authentication.  For more information about 
!     PAM, please read the <ulink url="http://www.kernel.org/pub/linux/libs/pam/">
      <productname>Linux-PAM</> Page</ulink>
      and the <ulink url="http://www.sun.com/software/solaris/pam/">
      <systemitem class="osname">Solaris</> PAM Page</ulink>.
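
Review bot: In the new text at 883,892, "The user must already exist in the database before PAM can be used for authentication" does not say which kind of user is meant or how to create one, and a reader coming from operating-system accounts can still misread it. Suggest wording it as a database user of the same name having to be created separately (for example with CREATE USER), since having a PAM or operating-system account does not create one. Two style points: the line "PAM, please read the <ulink ..." was reflowed only to absorb the new sentence, which enlarges the diff, and the line ending "For more information about " carries trailing whitespace.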
