How do I configure postgresql to use PAM for authentication on Red Hat Enterprise Linux?

Solution In Progress - Updated -

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • postgresql
  • postgresql-server

Issue

  • How do I enable postgresql to use PAM for authentication?

Resolution

  • postgresql can be configured to use PAM for local user authentication by editing the pg_hba.conf in data directory (default is /var/lib/pgsql/data/pg_hba.conf).

  • At the bottom of the config are a few entries:

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

# "local" is for Unix domain socket connections only
local   all         all                               trust
# IPv4 local connections:
host    all         all         127.0.0.1/32          trust
# IPv6 local connections:
host    all         all         ::1/128               trust
  • The METHOD type can be changed to pam here. As an example entry, to allow remote administration from the host 192.168.1.20 under the postgres user and require the local password of postgres, one can add:
host    all         postgres         192.168.1.20/32          pam

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments