Pivotal Greenplum (GPDB): All Versions
How to configure Pluggable Authentication Modules (PAM) for Greenplum?
The steps below walk through an example whose goal is to enable PAM authentication for the Greenplum user "alice."
- Create a Linux user
In this example, create a Linux user named "alice" with password "alice," and su to "alice" for testing.
    [gpadmin@mdw pg_log]$ su - alice
    Password:
    [alice@mdw ~]$
- Configure Greenplum for PAM
Add one line in pg_hba.conf for "alice" with authentication method "pam."
    [gpadmin@mdw]$ more pg_hba.conf
    host all alice 0.0.0.0 0.0.0.0 pam
- Create /etc/pam.d/postgresql with content as follows
    [gpadmin@mdw]$ more /etc/pam.d/postgresql
    #%PAM-1.0
    auth include system-auth
    account include system-auth
    password include system-auth
    session include system-auth
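- Change the permissions of the /etc/shadow file to 404.
Mode 404 (r-----r--) sets the read bit for "other", so the password hashes in /etc/shadow become readable by every local account on the host, not only by gpadmin.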
    [gpadmin@mdw]$ ls -l /etc/shadow
    -r-----r-- 1 root root 2221 Oct 24 13:26 /etc/shadow
- Create a role named "alice" in Greenplum with login permission.
    =# create role alice with login;
    CREATE ROLE
- Try to connect to Greenplum using user "alice" via PAM.
    [gpadmin@mdw]$ psql -U alice -h mdw
    Password for user alice:
    Timing is on.
    psql (8.2.15)
    Type "help" for help.
    viadea=>
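A way to check the result of the steps above before testing the login, as an added example that is not part of the original article or of Greenplum. The function names check_pam_setup and make_sample are hypothetical, and the sample files are constructed copies of the article's example written to a temporary directory, not the real system files.

```shell
#!/bin/sh
# Added example (not from the article): checks the files the steps above touch.
# Assumptions: pg_hba.conf rules use "ADDRESS/CIDR" or "IP-ADDRESS IP-MASK" and
# name the role literally or as "all"; database and address matching are ignored.

# check_pam_setup ROLE PG_HBA PAM_SERVICE SHADOW; returns the number of failed checks
check_pam_setup() {
    role=$1; hba=$2; pamfile=$3; shadow=$4; fails=0

    # Rules are evaluated top-down, so look at the FIRST host rule naming the role.
    method=$(awk -v r="$role" '
        $1 !~ /^host/ { next }
        $3 == r || $3 == "all" { m = index($4, "/") ? $5 : $6; print m; exit }' "$hba")
    if [ "$method" = "pam" ]; then
        echo "OK   first host rule for $role uses pam"
    else
        echo "FAIL first host rule for $role uses '${method:-none}'"; fails=$((fails + 1))
    fi

    # The service file should define every management group the article lists.
    for kind in auth account password session; do
        if grep -Eq "^[[:space:]]*-?${kind}[[:space:]]" "$pamfile"; then
            echo "OK   PAM service file has a $kind line"
        else
            echo "FAIL PAM service file has no $kind line"; fails=$((fails + 1))
        fi
    done

    # Mode 404 sets the "other" read bit: character 8 of the ls -l mode string.
    if [ "$(ls -ld "$shadow" | cut -c8)" = "r" ]; then
        echo "OK   $shadow is readable by other"
    else
        echo "FAIL $shadow is not readable by other"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample files mirroring the article's example (not the real system files).
make_sample() {
    printf 'host all alice 0.0.0.0 0.0.0.0 pam\n' > "$1/pg_hba.conf"
    printf '%s include system-auth\n' auth account password session > "$1/postgresql"
    : > "$1/shadow"; chmod 404 "$1/shadow"
}

if [ $# -eq 4 ]; then check_pam_setup "$@"; else
    tmp=$(mktemp -d); make_sample "$tmp"
    check_pam_setup alice "$tmp/pg_hba.conf" "$tmp/postgresql" "$tmp/shadow"; rm -rf "$tmp"
fi
```

Called with four arguments (role, pg_hba.conf path, PAM service file, shadow file) it checks real files; with no arguments it runs against the constructed samples.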