Sharing /etc/passwd with PostgreSQL

Hi,

Could someone confirm that the ability to share the Linux system
/etc/passwd (or shadow) file with PostgreSQL is definitely defunct?

I've searched the archives and, as far as I can tell, this functionality
was removed after version 7.2 as "few were using it". Well we were using
it and we have thus been stuck with using version 7.2 ever since. We'd
really like to finally upgrade to version 8 but would rather not create
separate passwords for everyone unless we really have no choice. Is this
definitely the case?

Thanks,
Ed


--
Sent via pgsql-admin mailing list (pgsql-admin [at] postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Eamonn Martin [ Fri, 07 August 2009 16:08 ] [ ID #2011439 ]

Re: Sharing /etc/passwd with PostgreSQL

On Fri, Aug 7, 2009 at 8:08 AM, Eamonn Martin<mas01em [at] gold.ac.uk> wrote:
>
> Hi,
>
> Could someone confirm that the ability to share the Linux system /etc/passwd
> (or shadow) file with PostgreSQL is definitely defunct?
>
> I've searched the archives and, as far as I can tell, this functionality was
> removed after version 7.2 as "few were using it". Well we were using it and
> we have thus been stuck with using version 7.2 ever since. We'd really like
> to finally upgrade to version 8 but would rather not create separate
> passwords for everyone unless we really have no choice. Is this definitely
> the case?

Yep, it's definitely the case. You could look into using LDAP for
authentication of both your users on regular unix type accounts and
pgsql users.

Scott Marlowe [ Sat, 08 August 2009 02:24 ] [ ID #2011440 ]

Re: Sharing /etc/passwd with PostgreSQL

Eamonn Martin wrote:
>
> Hi,
>
> Could someone confirm that the ability to share the Linux system
> /etc/passwd (or shadow) file with PostgreSQL is definitely defunct?
>
> I've searched the archives and, as far as I can tell, this
> functionality was removed after version 7.2 as "few were using it".
> Well we were using it and we have thus been stuck with using version
> 7.2 ever since. We'd really like to finally upgrade to version 8
> but would rather not create separate passwords for everyone unless
> we really have no choice. Is this definitely the case?

You can authenticate users with PAM, which amounts more or less to the
same thing.

--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

Alvaro Herrera [ Sat, 08 August 2009 02:27 ] [ ID #2011441 ]

Re: Sharing /etc/passwd with PostgreSQL

Alvaro Herrera <alvherre [at] commandprompt.com> writes:
> You can authenticate users with PAM, which amounts more or less to the
> same thing.

I believe though that using PAM against /etc/shadow would require the
postmaster to run as root. You need some external authentication
server; PAM by itself isn't going to solve it. Maybe LDAP or Kerberos?

regards, tom lane

Tom Lane [ Sat, 08 August 2009 02:40 ] [ ID #2011442 ]

Re: Sharing /etc/passwd with PostgreSQL

Tom Lane wrote:
> Alvaro Herrera <alvherre [at] commandprompt.com> writes:
> > You can authenticate users with PAM, which amounts more or less to the
> > same thing.
>
> I believe though that using PAM against /etc/shadow would require the
> postmaster to run as root. You need some external authentication
> server; PAM by itself isn't going to solve it. Maybe LDAP or Kerberos?

At least my system seems to provide a setgid helper program that's
supposed to read /etc/shadow, to work around this problem.

BTW I notice that this does not work unless the client supplies the
password the first time around; psql does not retry. It only works if I
do "psql -W".

--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

Alvaro Herrera [ Sat, 08 August 2009 02:57 ] [ ID #2011443 ]

Re: Sharing /etc/passwd with PostgreSQL

Alvaro Herrera <alvherre [at] commandprompt.com> writes:
> BTW I notice that this does not work unless the client supplies the
> password the first time around; psql does not retry. It only works if I
> do "psql -W".

Huh, that sounds like a bug someplace. Care to trace through it?

regards, tom lane

Tom Lane [ Sat, 08 August 2009 03:07 ] [ ID #2011444 ]

Re: Sharing /etc/passwd with PostgreSQL

Tom Lane wrote:
> Alvaro Herrera <alvherre [at] commandprompt.com> writes:
> > BTW I notice that this does not work unless the client supplies the
> > password the first time around; psql does not retry. It only works if I
> > do "psql -W".
>
> Huh, that sounds like a bug someplace. Care to trace through it?

It had to do with me having a bogus password in .pgpass (so psql was
first trying empty password, then the one in .pgpass, and both failing).
Pilot error. However, I'd say that we ought to give a notice if the
password in .pgpass fails.

--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

Alvaro Herrera [ Thu, 20 August 2009 17:34 ] [ ID #2012786 ]
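
The failure described in the message above comes from libpq silently picking a stored password from .pgpass. As an added example (not code from the thread or from PostgreSQL), this simplified Python model of the documented .pgpass lookup reports which line would supply the password for a given connection; the host names and passwords are constructed, and the special handling of Unix-socket connections and of an escaped `\*` is left out.

```python
# Constructed sample .pgpass content (not from the thread). Each entry is
# hostname:port:database:username:password, with '*' as a wildcard in the
# first four fields and '\' escaping a literal ':' or '\'.
SAMPLE_PGPASS = r"""
# comment lines and blank lines are skipped
db1.example.org:5432:sales:ed:old\:secret
*:5432:*:ed:fallback-pw
*:*:*:*:catch-all
"""


def split_fields(line):
    """Split on unescaped ':'; everything after the fourth ':' is the password."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # keep the escaped character literally
            i += 2
        elif ch == ":" and len(fields) < 4:
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append("".join(cur))
    return fields


def find_entry(pgpass_text, host, port, database, user):
    """Return (line_number, password) of the first matching entry, or None."""
    wanted = (host, str(port), database, user)
    for lineno, line in enumerate(pgpass_text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = split_fields(line)
        if len(fields) != 5:
            continue  # malformed line, skipped in this model
        if all(f == "*" or f == w for f, w in zip(fields[:4], wanted)):
            return lineno, fields[4]  # first match wins; later lines are never tried
    return None


def mode_is_safe(st_mode):
    """libpq ignores ~/.pgpass if group or others have any access (needs 0600 or stricter)."""
    return (st_mode & 0o077) == 0


if __name__ == "__main__":
    print(find_entry(SAMPLE_PGPASS, "db2.example.org", 5432, "hr", "ed"))
```

Because the first matching line wins, a stale wildcard entry near the top of the file can shadow the correct password further down.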

Re: Sharing /etc/passwd with PostgreSQL

Alvaro Herrera <alvherre [at] commandprompt.com> writes:
> It had to do with me having a bogus password in .pgpass (so psql was
> first trying empty password, then the one in .pgpass, and both failing).
> Pilot error. However, I'd say that we ought to give a notice if the
> password in .pgpass fails.

Can we do something like
ERROR: password authentication failed (using password from .pgpass)
ie, just tack on a comment to the error message?

regards, tom lane

Tom Lane [ Thu, 20 August 2009 17:37 ] [ ID #2012787 ]

Re: Sharing /etc/passwd with PostgreSQL

Hi Everybody,

I am interested in following this particular thread,
though, yesterday our mail server went down for a few
hours and I don't have the whole account.

Can somebody please tell me how I could retrieve a
history of this particular thread?

Thank you in advance

Regards,

Tena Sakai
tsakai [at] gallo.ucsf.edu


-----Original Message-----
From: pgsql-admin-owner [at] postgresql.org on behalf of Tom Lane
Sent: Thu 8/20/2009 8:37 AM
To: Alvaro Herrera
Cc: Eamonn Martin; pgsql-admin [at] postgresql.org
Subject: Re: [ADMIN] Sharing /etc/passwd with PostgreSQL

Alvaro Herrera <alvherre [at] commandprompt.com> writes:
> It had to do with me having a bogus password in .pgpass (so psql was
> first trying empty password, then the one in .pgpass, and both failing).
> Pilot error. However, I'd say that we ought to give a notice if the
> password in .pgpass fails.

Can we do something like
ERROR: password authentication failed (using password from .pgpass)
ie, just tack on a comment to the error message?

regards, tom lane

Tena Sakai [ Thu, 20 August 2009 19:31 ] [ ID #2012789 ]

Re: Sharing /etc/passwd with PostgreSQL

On Thu, 2009-08-20 at 10:31 -0700, Tena Sakai wrote:
> Hi Everybody,
>
> I am interested in following this particular thread,
> though, yesterday our mail server went down for a few
> hours and I don't have the whole account.
>
> Can somebody please tell me how I could retrieve a
> history of this particular thread?
>
> Thank you in advance

http://archives.postgresql.org/

Joshua D. Drake

--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 503.667.4564
Consulting, Training, Support, Custom Development, Engineering



Joshua Drake [ Thu, 20 August 2009 19:58 ] [ ID #2012790 ]

Re: Sharing /etc/passwd with PostgreSQL

On Thu, Aug 20, 2009 at 10:31 AM, Tena Sakai<tsakai [at] gallo.ucsf.edu> wrote:

> Can somebody please tell me how I could retrieve a
> history of this particular thread?

Generally:

http://archives.postgresql.org/

Specifically:

http://archives.postgresql.org/pgsql-admin/2009-08/msg00056.php

--
Regards,
Richard Broersma Jr.

Visit the Los Angeles PostgreSQL Users Group (LAPUG)
http://pugs.postgresql.org/lapug

Richard Broersma [ Thu, 20 August 2009 19:58 ] [ ID #2012791 ]

Re: Sharing /etc/passwd with PostgreSQL

Many thanks!

Tena Sakai


-----Original Message-----
From: Richard Broersma [mailto:richard.broersma [at] gmail.com]
Sent: Thu 8/20/2009 10:58 AM
To: Tena Sakai
Cc: pgsql-admin [at] postgresql.org
Subject: Re: [ADMIN] Sharing /etc/passwd with PostgreSQL

On Thu, Aug 20, 2009 at 10:31 AM, Tena Sakai<tsakai [at] gallo.ucsf.edu> wrote:

> Can somebody please tell me how I could retrieve a
> history of this particular thread?

Generally:

http://archives.postgresql.org/

Specifically:

http://archives.postgresql.org/pgsql-admin/2009-08/msg00056.php

--
Regards,
Richard Broersma Jr.

Visit the Los Angeles PostgreSQL Users Group (LAPUG)
http://pugs.postgresql.org/lapug


Tena Sakai [ Thu, 20 August 2009 22:22 ] [ ID #2012792 ]

Re: Sharing /etc/passwd with PostgreSQL

Tom Lane wrote:
> Alvaro Herrera <alvherre [at] commandprompt.com> writes:
> > It had to do with me having a bogus password in .pgpass (so psql was
> > first trying empty password, then the one in .pgpass, and both failing).
> > Pilot error. However, I'd say that we ought to give a notice if the
> > password in .pgpass fails.
>
> Can we do something like
> ERROR: password authentication failed (using password from .pgpass)
> ie, just tack on a comment to the error message?

I looked into that but found it difficult to implement because only
libpq knows about pgpass, while the message is printed by psql.

--
Bruce Momjian <bruce [at] momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
PG East: http://www.enterprisedb.com/community/nav-pg-east-2010.do
+ If your life is a hard drive, Christ can be your backup. +

Bruce Momjian [ Tue, 23 February 2010 22:06 ] [ ID #2033110 ]