public inbox for [email protected]
help / color / mirror / Atom feedFrom: Bruce Momjian <[email protected]>
To: Alvaro Herrera <[email protected]>
Cc: Tom Lane <[email protected]>
Cc: PostgreSQL-documentation <[email protected]>
Cc: [email protected]
Subject: Re: PAM documentation
Date: Wed, 27 Apr 2005 16:11:16 -0400 (EDT)
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
Alvaro Herrera wrote:
> On Wed, Apr 27, 2005 at 12:03:54PM -0400, Bruce Momjian wrote:
> > Tom Lane wrote:
> > > [email protected] (Bruce Momjian) writes:
> > > > Mention that PAM requires the user already exist in the database, per
> > > > Dick Davies.
> > >
> > > I don't recall exactly what Dick suggested, but the patch as applied
> > > seems like fairly useless verbiage. Exactly which of our other auth
> > > methods allow users who *don't* exist in the database to log in?
> > > And why would anyone find it surprising that this does not happen?
> >
> > Can someone comment if having to create the database user account to use
> > PAM is something that people forget? Is there increased confusion
> > because PAM is usually used for the operating system usernames?
> >
> > Attached is the addition I made to the docs recently. Is it useful?
>
> Yes, because PAM works different on other systems, specially if it's
> configured to use LDAP or some such. Though I'd rephrase with something
> like
>
> > default PAM service name is <literal>postgresql</literal>. You can
> > optionally supply your own service name after the <literal>pam</>
> > key word in the file <filename>pg_hba.conf</filename>.
> > ! Note that PAM is only used to validate username/password pairs;
> > ! therefore, the user must already exist in the database before PAM
> > ! can be used for authentication. For more information about
> > ! PAM, please read the <ulink url="http://www.kernel.org/pub/linux/libs/pam/";
OK, update done:
PAM is used only to validate username/password pairs.
Therefore the user must already exist in the database before PAM
can be used for authentication.
--
Bruce Momjian | http://candle.pha.pa.us
[email protected] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
view thread (8+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: PAM documentation
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox