problems with pam_pgsql
- From: Yann Conan imc-fr com
- To: pam-list redhat com
- Subject: problems with pam_pgsql
- Date: Tue, 24 Apr 2007 19:38:30 +0200
Hello,
I'm working on synchronizing a PostgreSQL user database with OpenSSH, using pam_pgsql for authentication.
And it doesn't work.
I'm using a Fedora Core 6 OS.
First, I've created the database "unix" with 3 tables in PostgreSQL:
unix=# select * from passwd_table;
 username | passwd   | uid | gid | gecos  | homedir     | shell
----------+----------+-----+-----+--------+-------------+-----------
 user1    | password | 500 | 500 | user 1 | /home/user1 | /bin/bash
 user2    | password | 501 | 500 | user 2 | /home/user2 | /bin/bash

select * from group_table;
 gid | groupname | descr | passwd
-----+-----------+-------+--------
 500 | util      |       |

select * from usergroups;
 gid | uid
-----+-----
I've installed libnss-pgsql by compiling it.
The getent passwd command works: I obtain user1 and user2 at the end of the list.
I am able to change the user and the group of a directory with the chown command:
# ls -l /home
total 8
drwxr-xr-x 2 user1 util 4096 avr 24 10:11 user1
Now I would like to log in with ssh on this system as a user existing in the database. To do that I've installed pam-pgsql.so.
I've compiled this version of pam-pgsql: pam-pgsql-1.0.0.tgz, found on the pgfoundry web site.
I've followed the README to install and configure it:
./configure; make; make install
The /etc/pam.d/sshd file is configured like this:
auth       include      system-auth-pg
account    required     pam_nologin.so
account    include      system-auth-pg
password   include      system-auth-pg
session    optional     pam_keyinit.so force revoke
session    include      system-auth-pg
session    required     pam_loginuid.so
and /etc/pam.d/system-auth-pg is configured like this:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_pgsql.so use_first_pass debug
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_pgsql.so debug
account     required      pam_unix.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
password    sufficient    pam_pgsql.so debug
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
and /etc/pam_pgsql.conf is configured like this:
connectionstring = user=postgres host=127.0.0.1 dbname=unix
getpassword = SELECT passwd FROM passwd_table WHERE username = $1
#changepw = UPDATE passwd_table SET password = $2 WHERE user = $1
#isexpired = SELECT 1 FROM passwd_table WHERE user = $1 AND isexpired < NOW()
#newpassrequired = SELECT 1 FROM table WHERE user = $1 AND newpass < NOW()
I also tried this configuration:
host = 127.0.0.1
database = unix
user = postgres
table = passwd_table
user_column = username
pwd_column = passwd
debug
pw_type = clear
The authentication with PostgreSQL is for the moment in trust mode, so as not to use a password (this system works with nsswitch).
Then when I try this command on the server:
ssh user1@127.0.0.1
I have only these two messages in my logs:
in /var/log/secure:
Apr 26 00:36:29 FC6-vm1 sshd[9067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=fc6-vm1 user=user1
Apr 26 00:36:31 FC6-vm1 sshd[9067]: Failed password for user1 from 127.0.0.1 port 42067 ssh2
and in /var/log/messages:
Apr 26 00:36:29 FC6-vm1 PAM_pgsql[9067]: the database, table and user_column options are required.
It's strange, it's as if pam_pgsql.conf was not read!?
Any idea?
Kind regards,
Yann CONAN from Bordeaux
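
An added example, not part of the original message and not code from the pam_pgsql project: a small Python check that parses the two pam_pgsql.conf variants posted above and reports which of the options named in the PAM_pgsql log line are absent from each, plus two hardening observations. The `key = value` parsing rules and the names `parse_conf` and `check_conf` are assumptions made for illustration.

```python
# Added example: offline check of a pam_pgsql.conf-style file. REQUIRED is taken
# from the PAM_pgsql log line in the post; the parsing rules are an assumption.
REQUIRED = ("database", "table", "user_column")

# Constructed from the two configurations shown in the post.
CONF_QUERY_STYLE = """\
connectionstring = user=postgres host=127.0.0.1 dbname=unix
getpassword = SELECT passwd FROM passwd_table WHERE username = $1
#changepw = UPDATE passwd_table SET password = $2 WHERE user = $1
"""
CONF_COLUMN_STYLE = """\
host = 127.0.0.1
database = unix
user = postgres
table = passwd_table
user_column = username
pwd_column = passwd
debug
pw_type = clear
"""

def parse_conf(text):
    """Return {option: value}; a bare word such as 'debug' maps to ''."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: a connection string or SQL query
        # contains further '=' characters in its value.
        key, _, value = line.partition("=")
        options[key.strip().lower()] = value.strip()
    return options

def check_conf(text):
    """Return (missing required options, hardening notes)."""
    opts = parse_conf(text)
    missing = [name for name in REQUIRED if not opts.get(name)]
    notes = []
    if opts.get("pw_type") == "clear":
        notes.append("pw_type = clear: passwords are stored and compared in plaintext")
    if opts.get("user") == "postgres" or "user=postgres" in opts.get("connectionstring", ""):
        notes.append("connects as postgres, the default superuser role")
    return missing, notes

if __name__ == "__main__":
    for label, conf in (("query style", CONF_QUERY_STYLE), ("column style", CONF_COLUMN_STYLE)):
        print(label, check_conf(conf))
```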