Logged-In As
ACCOUNT
Not Logged In
Create security/pam-pgsql package The NetBSD Project
Status: Closed Time to complete: 96 hrs Mentors: Aleksej Saushev Tags: security, postgresql, pkgsrc, code

We don't have packaged PostgreSQL option for PAM authentication. This is serious omission.

Create a pkgsrc package for http://sourceforge.net/projects/pam-pgsql/ (pkgsrc is NetBSD-originated portable framework for building software packages.)

Provide instructions how to test its functionality (smoke test).

 

It is possible that you run into blocking problem. Problem report that includes description of problem, step-by-step instructions to reproduce it, and explanation why it is considered blocking is accepted as successful task completion.

 

References

1. The pkgsrc Guide: http://www.netbsd.org/docs/pkgsrc/

2. pkgsrc targets for impatient: http://wiki.netbsd.org/pkgsrc/targets

3. Similar packages: security/pam-ldap, security/pam-mysql, other security/pam-* packages.

Uploaded Work
File name/URL File size Date submitted
pam-pgsql.tar.gz 563.3 KB December 10 2012 00:54 UTC
pam-pgsql-0.7.3.1.tgz 18.3 KB December 10 2012 00:55 UTC
pam-pgsql.tar.gz 1.3 KB December 11 2012 01:59 UTC
Comments
Matthew on December 4 2012 21:17 UTC Claim

I'll claim this task once my other tasks finish up.

Matthew on December 7 2012 00:18 UTC Task Claimed

I would like to work on this task.

Radoslaw Kujawa on December 7 2012 00:52 UTC Task Assigned

This task has been assigned to Matthew. You have 96 hours to complete this task, good luck!

Aleksej Saushev on December 8 2012 19:15 UTC Progress?

Hi!


You're working for a day, at this time you should have at least a skeleton package and a list of issues you need to resolve to get it building and/or running. It may be beneficial to you, if you discuss your work-in-progress package with us.

Matthew on December 10 2012 00:59 UTC Blocking Problem

While this package may still work with Linux-PAM, I could not get it to work with OpenPAM.


Although it compiled fine, PAM did not look in /usr/pkg/lib/


To reproduce, try installing the package then add a pam_pgsql.so line to a /etc/pam.d line. It is unable to load the module even when in /usr/lib/.


I've been working on various attempts to fix it all weekend, but I've finally given up after 3 days. Unless you have any easy fixes, I'm going to call this blocking.

Matthew on December 10 2012 01:00 UTC Ready for review

The work on this task is ready to be reviewed.

Aleksej Saushev on December 10 2012 10:50 UTC Deadline extended

The deadline of the task has been extended with 0 days and 12 hours.

Aleksej Saushev on December 10 2012 19:45 UTC Review

Hi!
This is nice! You're almost there!
See pam.conf(5), you need to use full path, if your module isn't in predefined module directory.

Please, don't assign default value to PKG_DESTDIR_SUPPORT, remove corresponding line entirely.
Also, please, submit only package in its source form, that is content of your pam-pgsql directory without working directory. You don't need to submit binary package.

Aleksej Saushev on December 10 2012 19:45 UTC Task Needs More Work

One of the mentors has sent this task back for more work. Talk to the mentor(s) assigned to this task to satisfy the requirements needed to complete this task, submit your work again and mark the task as complete once you re-submit your work.

Aleksej Saushev on December 10 2012 19:46 UTC Deadline extended

The deadline of the task has been extended with 1 days and 0 hours.

Matthew on December 11 2012 02:09 UTC Instructions

I'll give a short summary of what the README already says:



  1. Create a user, test, with password, testpassword.

  2. Make PostgreSQL database sysdb with table accounts and columns "username" and "password".

  3. Add a row with the username and password of the test user.

  4. Create /usr/pkg/etc/pam_pgsql.conf with this:


    1. database = sysdb

    2. user = root

    3. table = account

    4. user_column = username

    5. pwd_column = password


  5. Edit the file /etc/pam.d/su adding this to the end:


    1. auth required /usr/pkg/lib/security/pam_pgsql.so

    2. account required /usr/pkg/lib/security/pam_pgsql.so

    3. password required /usr/lib/security/pam_pgsql.so


  6. Test the "su" command and everything should work.

Matthew on December 11 2012 02:09 UTC Ready for review

The work on this task is ready to be reviewed.

Aleksej Saushev on December 11 2012 22:54 UTC Review

Hi!


This is better.


It would be nice, if all changes to "configure" scripts are accompanied by corresponding changes to configure.in/configure.ac.


Also, your deployment and field-testing instructions are wrong. See explanation of control-flag in pam.conf(5).

Aleksej Saushev on December 11 2012 22:54 UTC Deadline extended

The deadline of the task has been extended with 1 days and 0 hours.

Aleksej Saushev on December 11 2012 22:55 UTC Task Needs More Work

One of the mentors has sent this task back for more work. Talk to the mentor(s) assigned to this task to satisfy the requirements needed to complete this task, submit your work again and mark the task as complete once you re-submit your work.

Matthew on December 11 2012 23:03 UTC Ready for review

The work on this task is ready to be reviewed.

Aleksej Saushev on December 11 2012 23:04 UTC Task Closed

Congratulations, this task has been completed successfully.