| Pivotal Greenplum (GPDB) | All versions |
How to configure Pluggable Authentication Modules (PAM) for Greenplum?
The steps below walk through an example. The goal is to enable PAM authentication for the Greenplum user "alice".
- Create a Linux user
In this example, create a Linux user named "alice" with password "alice", and su to "alice" to test the account.
    [gpadmin@mdw pg_log]$ su - alice
    Password:
    [alice@mdw ~]$
- Configure Greenplum for PAM
Add one line to pg_hba.conf for "alice" with the authentication method "pam".
    [gpadmin@mdw]$ more pg_hba.conf
    host all alice 0.0.0.0 0.0.0.0 pam
- Create /etc/pam.d/postgresql with content as follows
    [gpadmin@mdw]$ more /etc/pam.d/postgresql
    #%PAM-1.0
    auth       include      system-auth
    account    include      system-auth
    password   include      system-auth
    session    include      system-auth
- Change the permissions of the /etc/shadow file to 404.
    [gpadmin@mdw]$ ls -l /etc/shadow
    -r-----r-- 1 root root 2221 Oct 24 13:26 /etc/shadow
- Create a role named "alice" in Greenplum with login permission.
    =# create role alice with login;
    CREATE ROLE
- Try to connect to Greenplum using user "alice" via PAM.
    [gpadmin@mdw]$ psql -U alice -h mdw
    Password for user alice:
    Timing is on.
    psql (8.2.15)
    Type "help" for help.
    viadea=>
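A small audit of the resulting setup, as an added example that is not part of the original article: it parses pg_hba.conf for `pam` rules (the address/mask form used above and also CIDR form, which goes beyond the steps shown) and checks the mode of /etc/shadow. The function names `pam_rules` and `audit` and the sample input are assumptions constructed for illustration.

```python
import ipaddress
import stat

# Constructed sample: the pg_hba.conf rule from the steps above.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER   ADDRESS  MASK     METHOD
host    all       alice  0.0.0.0  0.0.0.0  pam
"""

def pam_rules(hba_text):
    """Yield (conn_type, user, network, lineno) for each network rule using 'pam'."""
    for lineno, raw in enumerate(hba_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue  # comments, blanks and 'local' rules have no address
        conn_type, _db, user, addr, *rest = fields
        try:
            if "/" not in addr:  # address + mask form: turn the mask into a prefix
                mask = int(ipaddress.ip_address(rest.pop(0)))
                addr = f"{addr}/{bin(mask).count('1')}"
            network = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            continue  # host names or keywords: out of scope for this check
        if rest and rest[0] == "pam":
            yield conn_type, user, network, lineno

def audit(hba_text, shadow_mode):
    """Return findings for PAM rules and for the mode bits of /etc/shadow."""
    findings = []
    for conn_type, user, network, lineno in pam_rules(hba_text):
        if conn_type != "hostssl":
            findings.append(f"line {lineno}: pam rule for {user} is '{conn_type}'; "
                            "the password is not guaranteed to travel over TLS")
        if network.prefixlen == 0:
            findings.append(f"line {lineno}: pam rule for {user} matches any client address")
    if shadow_mode & stat.S_IROTH:
        findings.append(f"/etc/shadow mode {stat.S_IMODE(shadow_mode):03o} "
                        "lets every local user read the password hashes")
    return findings

if __name__ == "__main__":
    # 0o100404 is the st_mode of a regular file with the permissions set above.
    for finding in audit(SAMPLE_HBA, 0o100404):
        print(finding)
```

On a real host, pass the contents of the master's pg_hba.conf and `os.stat("/etc/shadow").st_mode` to `audit`.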