[Pkg-postgresql-public] libpam-pgsql and libnss-pgsql2 do not work as expected...

PMC OS pmcos-support at freenet.de
Wed Aug 25 00:43:02 UTC 2010


OK, it seems the Webmail Interface for <http://www.freenet.de/>
is eating SQL statements so I do not know what to do now...

Currently I cannot send mails from my 100MBit FTTH

> -----Original Message-----
> From: PMC OS 
> Sent: Wed. 25.08.10 (01:36)
> To: pkg-postgresql-public at lists.alioth.debian.org
> Subject: [Pkg-postgresql-public] libpam-pgsql and libnss-pgsql2 do not work as expected...
> 
> Hello experts,
> 
> I am new to Linux, PostgreSQL and Courier and have set up a small
> network with 6 computers running Debian Lenny:
> 
> 1) 2 Workstations
> 2) 2 Intranet Servers
> 3) PostgreSQL Server
> 4) Router
> 
> The two intranet servers are now working with NFSv4/TCP, apache2 with
> suphp and php5, courier-imap/mta/mlm
> 
> My router is working too and uses IPT, bind9 and apache2 with mod_proxy
> forwarding traffic to the two intranet servers.
> 
> Also the workstations are working fine.
> 
> First I had a problem connecting to the PostgreSQL server over the
> network, but now it is working.
> 
> OK, I have  "system" and imported a modified the scheme
> 
> ----( system_scheme.1.sql )----
> -- 
> 
>  "system" WITH TEMPLATE = template0 ENCODING = 'UTF8';
> 
>  "system" OWNER TO 'system';
> 
> -- Connect to database
> 
> connect "system";
> 
> -- Create two sequences for gid and uid
> 
> CREATE SEQUENCE g_id
>         START WITH 10001
>         INCREMENT BY 1
>         MINVALUE 1000
>         MAXVALUE 2147483647
>         NO CYCLE;
> 
> CREATE SEQUENCE u_id
>         START WITH 10001
>         INCREMENT BY 1
>         MINVALUE 10000
>         MAXVALUE 2147483647
>         NO CYCLE;
> 
> -- s
> 
>  "system_group" (
>         "gid"           integer NOT NULL DEFAULT nextval('g_id'::regclass),
>         "groupname"     character varying(16) NOT NULL,
>         "descr"         character varying,
>         "passwd"        character varying(64),
>         PRIMARY KEY ("gid")
> );
>  "system_group" OWNER TO 'system';
> 
>  "system_passwd" (
>         "username"      character varying(32) NOT NULL,
>         "passwd"        character varying(64) NOT NULL,
>         "uid"           integer NOT NULL DEFAULT nextval('uid'::regclass),
>         "gid"           integer NOT NULL,
>         "gecos"         character varying(128),
>         "homedir"       character varying(128) NOT NULL,
>         "shell"         character varying DEFAULT '/bin/bash' NOT NULL,
>         PRIMARY KEY ("uid")
> );
>  "system_passwd" OWNER TO 'system';
> 
>  "system_groups" (
>         "gid"           integer NOT NULL,
>         "uid"           integer NOT NULL,
>         PRIMARY KEY ("gid", "uid"),
>         CONSTRAINT "ug_gid_fkey" FOREIGN KEY ("gid") REFERENCES "groups"("gid"),
>         CONSTRAINT "ug_uid_fkey" FOREIGN KEY ("uid") REFERENCES "accounts"("uid")
> );
>  "system_groups" OWNER TO 'system';
> 
>  "system_shadow" (
>         "username"      character varying(32) NOT NULL,
>         "passwd"        character varying(64) NOT NULL,
>         "lastchange"    integer NOT NULL,
>         "min"           integer NOT NULL,
>         "max"           integer NOT NULL,
>         "warn"          integer NOT NULL,
>         "inact"         integer NOT NULL,
>         "expire"        integer NOT NULL,
>         "flag"          integer NOT NULL,
>         PRIMARY KEY ("username")
> );
>  "system_shadow" OWNER TO 'system';
> 
>  "system_server" (
>         "uid"           integer NOT NULL,
>         "server"        character varying(64) DEFAULT 'intranet.example.com' NOT NULL,
>         PRIMARY KEY ("uid")
> );
>  "system_server" OWNER TO 'system';
> 
>  "system_quota" (
>         "uid"           integer NOT NULL,
>         "quota"         integer DEFAULT '131072' NOT NULL,
>         PRIMARY KEY ("uid")
> );
>  "system_quota" OWNER TO 'system';
> 
>  "system_auxoptions_courier" (
>         "uid"           integer NOT NULL,
>         "auxoptions"    character varying(255),
>         PRIMARY KEY ("uid")
> );
>  "system_auxoptions_courier" OWNER TO 'system';
> -------------------------------
> 
> and created the following files:
> 
> ----( /etc/nss-pgsql.conf )----
> connectionstring        = hostaddr=pgsql.example.com dbname=system user=system password=whoops connect_timeout=1
> 
> # you can use anything postgres accepts as table expression
> 
> # Must return "usernames", 1 column, list
> getgroupmembersbygid    =  system_passwd WHERE gid = $1
> 
> # Must return passwd_name, passwd_passwd, passwd_gecos, passwd_dir, passwd_shell, passwd_uid, passwd_gid
> getpwnam                =  system_passwd WHERE username = $1
> 
> # Must return passwd_name, passwd_passwd, passwd_gecos, passwd_dir, passwd_shell, passwd_uid, passwd_gid
> getpwuid                =  system_passwd WHERE uid = $1
> 
> # All users
> allusers                =  system_passwd
> 
> # Must return group_name, group_passwd, group_gid
> getgrnam                =  system_group WHERE groupname = $1
> 
> # Must return group_name, group_passwd, group_gid
> getgrgid                =  system_group WHERE gid = $1
> 
> # Must return gid.  %s MUST appear first for username match in where clause
> groups_dyn              =  system_passwd JOIN system_groups USING (uid) where username = $1 and ug.gid <> $2
> allgroups               =  system_group
> ------------
> 
> ----( /etc/nss-pgsql-root.conf )----
> # example configfile for PostgreSQL NSS module
> # this file must be readable for root only
> 
> connectionstring        = hostaddr=pgsql.example.com dbname=system user=system
> connect_timeout         = 1
> 
> #Query in the following format
> #shadow_name, shadow_passwd, shadow_lstchg, shadow_min, shadow_max, shadow_warn, shadow_inact, shadow_expire, shadow_flag
> shadowbyname            =  system_shadow WHERE username = $1
> shadow                  =  system_shadow
> ------------
> 
> and modified the
> 
> ----( /etc/nsswitch.conf )----
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> #
> # extended with example entries using the nss-pgsql module.
> 
> passwd:         files [SUCCESS=continue] pgsql compat
> group:          files [SUCCESS=continue] pgsql compat
> shadow:         files [SUCCESS=continue] pgsql compat
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> ------------
> 
> ----( /etc/pam_pgsql.conf )----
> host            = pgsql.example.com
> port            = 5032
> database        = system
> user            = system
> password        = whoops
> table           = system
> user_column     = username
> pwd_column      = passwd
> expired_column  = expired
> newtok_column   = new_pwreq
> pw_type         = md5
> timeout         = 3
> debug
> 
> # connect = hostaddre=pgsql.example.com dbname=system user=system password=whoops connect_timeout=3
> # auth_query =  system_passwd WHERE username = %u
> # acct_query = SELECT (expired = 'y' OR expired = '1'), (new_pwreq = 'y' OR new_pwreq = '1'), (password IS
> # pwd_query =  passwd = %p WHERE username = %u
> 
> # There are also additional flags you can use:
> #     authtok           - see "use_first_pass"
> #     use_first_pass    - require authtok from previous entry in PAM stack
> #                         (useful for "password   required pam_pgsql.so authtok")
> #                         after "password required pam_cracklib.so ..."
> #     try_first_pass    - same as previous, but doesn't fail if previous
> #                         module failed to provide us with password
> #     echo_pass         - displays password while being typed
> ------------
> 
> and of course
> 
> ----( /etc/pam.d/common-auth )----
> auth        required    pam_pgsql.so
> ------------
> 
> ----( /etc/pam.d/common-account )----
> account     required    pam_pgsql.so
> ------------
> 
> ----( /etc/pam.d/common-password )----
> password    required    pam_pgsql.so
> ------------
> 
> leave a "root terminal" open if something goes wrong, restarted
> services...
> 
> ...and kicked myself in the ass!
> 
> Can someone of you experts tell me what I have done wrong?
> 
> Oh and for the two things:
>     expired_column  = expired
>     newtok_column   = new_pwreq
> 
> How can I transform this into a query which requests its data from
> the table system_shadow?
> 
> Thanks
> PMCOS
> -----End of Original Message-----
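
One way to approach the closing question about `expired_column` and `newtok_column`, as an added example that is not part of the original message and is not taken from the pam_pgsql or libnss-pgsql packages: compute both flags from the aging fields of `system_shadow` in a view. Assumptions: the integer columns hold day counts since 1970-01-01 as in shadow(5), a value of 0 or less in `max` or `expire` means "not set" (the posted columns are NOT NULL), the installed pam_pgsql honours `acct_query` with three boolean result columns as the commented line in the posted config suggests, and the view name `system_pam_account` is hypothetical.

```sql
-- Added example, not from the original post.
-- Hypothetical view name: system_pam_account.
-- Assumption: lastchange, max and expire are day counts as in shadow(5);
-- max <= 0 or expire <= 0 is treated as "no limit configured".
CREATE VIEW system_pam_account AS
SELECT s.username,
       -- Account expired: an expiry day is set and has been reached.
       (s.expire > 0 AND s.expire <= now_days.d)            AS expired,
       -- New password required: change forced at next login
       -- (lastchange = 0) or the password is older than max days.
       (s.lastchange = 0
        OR (s.max > 0 AND s.lastchange + s.max < now_days.d)) AS new_pwreq,
       -- Empty password stored for this account.
       (s.passwd IS NULL OR s.passwd = '')                  AS pw_null
FROM system_shadow AS s
-- In PostgreSQL, date - date yields an integer number of days.
CROSS JOIN (SELECT CURRENT_DATE - DATE '1970-01-01' AS d) AS now_days;

-- Quick check of what PAM would see for one account
-- ('alice' is a constructed sample user name):
SELECT expired, new_pwreq, pw_null
FROM system_pam_account
WHERE username = 'alice';

-- Matching line for /etc/pam_pgsql.conf (assumed syntax, modelled on the
-- commented acct_query line in the post; %u is the login name):
--   acct_query = SELECT expired, new_pwreq, pw_null FROM system_pam_account WHERE username = %u
```

With a query like this, `expired_column` and `newtok_column` would not need matching columns in a single `table`, since the account state comes from the view.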
