[pid 18897] stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 18897] open("/etc/pam.d/postgresql", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) [pid 18897] open("/etc/pam.d/other", O_RDONLY|O_LARGEFILE) = 4 What about providing the default PAM file?
There doesn't seem to be a default PAM file in the package. The best I can find is that copying an existing PAM file to the /etc/pam.d/postgresql file is the solution. Perhaps the ebuilds should conditionally: cp /etc/pam.d/system-services /etc/pam.d/postgresql What are your thoughts?
Definitely *not*. pamd_mimic system-auth auth account session in src_install after inheriting pam.eclass
Shouldn't that be: pamd_mimic system-auth postgresql auth account session
Yes I always forget one parameter it seems.
Diego - Given all the work you've been doing with PAM, is the comment 3 still correct?
Yeppers, since PostgreSQL is not a login system it isn't influenced by the recent changes. Although I'm not sure if it uses session, but that's beside the point now.
*** Bug 352972 has been marked as a duplicate of this bug. ***
When using Kerberos, an additional option should be passed to the pam_krb5.so module. The keytab for the postgresql PAM module should match the "krb_server_keyfile" directive in postgresql.conf, using the "keytab" pam_krb5.so option.
Fixed. 21 Mar 2011; Aaron W. Swenson <titanofold@gentoo.org> +postgresql-server-8.2.20-r1.ebuild, +postgresql-server-8.3.14-r1.ebuild, +postgresql-server-8.4.7-r1.ebuild, +postgresql-server-9.0.3-r1.ebuild: Fixes bugs 274836, 302384, 323683, 325709, 347005, 347223, 353687 and 353750.