Commit6c9e4d7

committed

Mentino that PAM doesn't work for Unix system authentication because of

the problems non-root reading /etc/shadow.

1 parent2d6cb17 commit6c9e4d7Copy full SHA for 6c9e4d7

File tree

+11

-1

lines changed

+11

-1

lines changed

Lines changed: 11 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.100 2007/07/23 10:16:53 mha Exp $ -->`
	`1`	`+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.101 2007/09/14 03:53:54 momjian Exp $ -->`
`2`	`2`
`3`	`3`	`<chapter id="client-authentication">`
`4`	`4`	`<title>Client Authentication</title>`
`@@ -1067,6 +1067,16 @@ ldap[<replaceable>s</>]://<replaceable>servername</>[:<replaceable>port</>]/<rep`
`1067`	`1067`	`and the <ulink url="http://www.sun.com/software/solaris/pam/">`
`1068`	`1068`	`<systemitem class="osname">Solaris</> PAM Page</ulink>.`
`1069`	`1069`	`</para>`
	`1070`	`+`
	`1071`	`+ <note>`
	`1072`	`+ <para>`
	`1073`	`+ PAM does work authenticating against Unix system authentication`
	`1074`	`+ because the postgres server is started by a non-root user. In order`
	`1075`	`+ to enable this functionality, the root user must provide additional`
	`1076`	`+ permissions to the postgres user (for reading`
	`1077`	`+ <filename>/etc/shadow</>).`
	`1078`	`+ </para>`
	`1079`	`+ </note>`
`1070`	`1080`	`</sect2>`
`1071`	`1081`	`</sect1>`
`1072`	`1082`

Comments

(0)