search

pgpool / pgpool2

This is the official mirror of git://git.postgresql.org/git/pgpool2.git. Note that this is just a *mirror* - we don't work with pull requests on github. Please subscribe to pgpool-hackers mailing list from our website and submit your patch to this mailing list.
https://www.pgpool.net
Other
305 stars 87 forks source link

Unable to authenticate using pam in pgpool #8

Closed tanveermunavar closed 7 years ago

tanveermunavar commented 7 years ago

Team,

Im using pgpool2 (rpm installation) to connect to the postrgesql 9.6(rpm version) database using the pam authentication method. My environment and configuration looks like below. I have verified using ldd command and see pgpool has the libpam.so file, so i assume its supported.

CentOS Linux release 7.2.1511 (Core) 
pgpool-II-pg96.x86_64                 3.6.4-1pgdg.rhel7        @/pgpool-II-pg96-3.6.4-1pgdg.rhel7.x86_64
postgresql96.x86_64                   9.6.3-1PGDG.rhel7        @pgdg96          
postgresql96-contrib.x86_64           9.6.3-1PGDG.rhel7        @pgdg96          
postgresql96-libs.x86_64              9.6.3-1PGDG.rhel7        @pgdg96          
postgresql96-server.x86_64            9.6.3-1PGDG.rhel7        @pgdg96

Im using pgpool's hba config file using enable_pool_hba = on

[root@localhost ~]# tail -1 /etc/pgpool-II/pool_hba.conf 
host    all     pam-user     127.0.0.1/32    pam pamservice=postgresql96

Im have copied the below content of sample file from share dir and using it in postrgesql96 pam service file.

#%PAM-1.0
auth            required        pam_permit.so
account         required        pam_permit.so
-rwxr--r--. 1 root root 1458 Jun  2 23:11 /etc/shadow

PostgreSQL PAM service works fine but i have disabled to test the same from pgpool side. With trust mode the connection is fine , but however with PAM service its not working as expected. I see below highlighted error and this error is from pgpool's pool_hba.c:1343

[root@localhost ~]# psql -d postgres -h localhost -p 9999 -U pam-user
psql: FATAL:  failed authentication against PAM
DETAIL:  pam_authenticate failed: Authentication failure
Jun  3 20:33:18 localhost pgpool[32209]: [2-1] 2017-06-03 20:33:18: pid 32209: LOG:  Setting up socket for 0.0.0.0:9999
Jun  3 20:33:18 localhost pgpool[32209]: [2-2] 2017-06-03 20:33:18: pid 32209: LOCATION:  pgpool_main.c:874
Jun  3 20:33:18 localhost pgpool[32209]: [3-1] 2017-06-03 20:33:18: pid 32209: LOG:  Setting up socket for :::9999
Jun  3 20:33:18 localhost pgpool[32209]: [3-2] 2017-06-03 20:33:18: pid 32209: LOCATION:  pgpool_main.c:874
Jun  3 20:33:18 localhost pgpool[32209]: [4-1] 2017-06-03 20:33:18: pid 32209: LOG:  pgpool-II successfully started. version 3.6.4 (subaruboshi)
Jun  3 20:33:18 localhost pgpool[32209]: [4-2] 2017-06-03 20:33:18: pid 32209: LOCATION:  pgpool_main.c:414
Jun  3 20:33:18 localhost pgpool[32209]: [5-1] 2017-06-03 20:33:18: pid 32209: WARNING:  failed to open status file at: "/var/log/pgpool/pgpool_status"
Jun  3 20:33:18 localhost pgpool[32209]: [5-2] 2017-06-03 20:33:18: pid 32209: DETAIL:  "No such file or directory"
Jun  3 20:33:18 localhost pgpool[32209]: [5-3] 2017-06-03 20:33:18: pid 32209: LOCATION:  pgpool_main.c:3392
Jun  3 20:33:23 localhost pgpool[32239]: [4-1] 2017-06-03 20:33:23: pid 32239: LOG:  new connection received
Jun  3 20:33:23 localhost pgpool[32239]: [4-2] 2017-06-03 20:33:23: pid 32239: DETAIL:  connecting host=127.0.0.1 port=52054
Jun  3 20:33:23 localhost pgpool[32239]: [4-3] 2017-06-03 20:33:23: pid 32239: LOCATION:  child.c:2163
**Jun  3 20:33:23 localhost pgpool[32239]: [5-1] 2017-06-03 20:33:23: pid 32239: FATAL:  failed authentication against PAM
**Jun  3 20:33:23 localhost pgpool[32239]: [5-2] 2017-06-03 20:33:23: pid 32239: DETAIL:  pam_authenticate failed: Authentication failure
**Jun  3 20:33:23 localhost pgpool[32239]: [5-3] 2017-06-03 20:33:23: pid 32239: LOCATION:  pool_hba.c:1343
Jun  3 20:33:23 localhost pgpool[32209]: [6-1] 2017-06-03 20:33:23: pid 32209: LOG:  child process with pid: 32239 exits with status 512
Jun  3 20:33:23 localhost pgpool[32209]: [6-2] 2017-06-03 20:33:23: pid 32209: LOCATION:  pgpool_main.c:2457
Jun  3 20:33:23 localhost pgpool[32209]: [7-1] 2017-06-03 20:33:23: pid 32209: LOG:  fork a new child process with pid: 32319
Jun  3 20:33:23 localhost pgpool[32209]: [7-2] 2017-06-03 20:33:23: pid 32209: LOCATION:  pgpool_main.c:2543

Let me know if I'm missing anything.

Thanks, Tanveer Munavar

pgpool-conf.txt

tanveermunavar commented 7 years ago

@tatsuo-ishii , would you be able to help ?

pgpool-tmp commented 7 years ago

We do not accept bug report from Github. Please use the bug tracking system: https://pgpool.net/mediawiki/index.php/Bug_tracking_system