From: Bruce Momjian
Message-Id: <200504271603.j3RG3sb08088@candle.pha.pa.us>
Subject: PAM documentation
In-Reply-To: <28107.1114492614@sss.pgh.pa.us>
To: Tom Lane
Date: Wed, 27 Apr 2005 12:03:54 -0400 (EDT)
Cc: PostgreSQL-documentation, rasputnik@hellooperator.net

Tom Lane wrote:
> momjian@svr1.postgresql.org (Bruce Momjian) writes:
> > Mention that PAM requires the user already exist in the database, per
> > Dick Davies.
>
> I don't recall exactly what Dick suggested, but the patch as applied
> seems like fairly useless verbiage.  Exactly which of our other auth
> methods allow users who *don't* exist in the database to log in?
> And why would anyone find it surprising that this does not happen?

Can someone comment if having to create the database user account to use PAM is something that people forget?
Is there increased confusion because PAM is usually used for the operating system usernames?

Attached is the addition I made to the docs recently.  Is it useful?  Here is the email that prompted the addition:

	http://archives.postgresql.org/pgsql-admin/2005-03/msg00189.php

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Index: client-auth.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v retrieving revision 1.76 retrieving revision 1.77 diff -c -c -r1.76 -r1.77 *** client-auth.sgml 22 Apr 2005 04:18:58 -0000 1.76 --- client-auth.sgml 26 Apr 2005 03:01:09 -0000 1.77 *************** *** 883,890 **** default PAM service name is postgresql. You can optionally supply your own service name after the pam key word in the file pg_hba.conf. ! For more information about PAM, please read the ! Linux-PAM Page and the Solaris PAM Page. --- 883,892 ---- default PAM service name is postgresql. You can optionally supply your own service name after the pam key word in the file pg_hba.conf. ! PAM is used only to validate username/password pairs. ! The user must already exist in the database before PAM ! can be used for authentication. For more information about ! PAM, please read the Linux-PAM Page and the Solaris PAM Page.
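
Review bot: In the second added sentence ("The user must already exist in the database before PAM can be used for authentication."), the requirement is stated without the reason it is worth stating for PAM in particular, which is the objection raised in the thread. Suggest tying it to the sentence before it, for example "Therefore the user must already exist in the database before PAM can be used for authentication.", and saying that an account known to the PAM service, such as an operating system account, is not thereby a database user and has to be created in the database separately. That makes the first added sentence ("PAM is used only to validate username/password pairs.") carry the explanation instead of standing as an isolated fact.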