pam_pgsql 0.5
=============

Introduction
============

This module provides support to authenticate against PostgreSQL
tables for PAM-enabled appliations.

This module is based in part on the FreeBSD pam_unix module, and
the Debian pam_mysql module, but was written from scratch using
the two as a reference.

There is another pam_pgsql module, but the sources appear to have
vanished, hence this module.

Changes since last release
==========================

See the file debian/changelog.

Compilation & Installation
==========================

pam_pgsql is now autoconf'ed, thus, compiling should be a matter
of:

    $ ./configure
    $ make
    $ make install

Compilation has been tested on Debian GNU/Linux and FreeBSD 4.0/5.0

On Debian, you will need the libpam0g-dev, postgresql-dev and libmhash-dev
packages to compile.

On FreeBSD you will have to install the postgresql/postgresql7 port, and
the security/mhash port.

See test.c for an example application that authenticates using
this module.

Configuration
=============

For the service you wish the module to be used, you need
to edit the /etc/pam.d/<service> file or /etc/pam.conf, and 
add the relevant lines.

For example:

auth        required    pam_pgsql.so 
account     required    pam_pgsql.so
password    required    pam_pgsql.so

Configure the database, and table the module should use with
the configuration file /etc/pam_pgsql.conf. An example of
this file:

database = sysdb
user = ljb
table = account
user_column = user_name
pwd_column = user_password
expired_column = acc_expired
newtok_column = acc_new_pwreq
debug

Note that for backwards compatibility with earlier versions, options specified
in the configuration file can be supplied as module arguments as well. Module
arguments will override the configuration file.

Configuration Options
=====================

    database            - the database which should be connected to
    table               - the table containing the authentication data
    user                - the username used when connecting to PostgreSQL
    password            - the password for the user specified
    user_column         - the column containing usernames
    pwd_column          - the column containing the passwords
    expired_column      - this column should contain '1' or 'y' if the account
                          has expired
    newtok_column       - this column should contain '1' or 'y' if the user
                          needs to change their password
    debug               - this is a standard module option that will enable
                          debug output to syslog (takes no values)
    pwtype              - specifies the password encryption scheme, can be one
                          of 'clear', 'md5', or 'crypt'. defaults to 'clear'.
