PostgreSQL
20.13. PAM Authentication
This authentication method operates similarly to password
except that it uses PAM (Pluggable Authentication Modules) as the authentication mechanism. The default PAM service name is postgresql
. PAM is used only to validate user name/password pairs and optionally the connected remote host name or IP address. Therefore the user must already exist in the database before PAM can be used for authentication. For more information about PAM, please read the Linux-PAM Page.
The following configuration options are supported for PAM:
pamservice
-
PAM service name.
pam_use_hostname
-
Determines whether the remote IP address or the host name is provided to PAM modules through the
PAM_RHOST
item. By default, the IP address is used. Set this option to 1 to use the resolved host name instead. Host name resolution can lead to login delays. (Most PAM configurations don’t use this information, so it is only necessary to consider this setting if a PAM configuration was specifically created to make use of it.)
Submit correction
If you see anything in the documentation that is not correct, does not match your experience with the particular feature or requires further clarification, please use this form to report a documentation issue.
Copyright © 1996-2023 The PostgreSQL Global Development Group