How do I debug the libnss-mysql setup? I've configured everything properly as far as I can see, but when I try to login as a user i've created in mysql it says user unknown. Looking in /var/log/auth.log and syslog I don't see anything in there saying why it couldn't.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for response, my problem was I didn't restart all the services, I actually just rebooted and it fixed my initial problem. I wasn't getting any messages logged in /var/log/auth.log. Now that I am getting messages in here it's at least giving me some more insight as to where to look next.
Here is my next issue. This is from /var/log/auth.log
Oct 14 15:21:50 lee-laptop passwd[6614]: pam_unix(passwd:chauthtok): user "spencer" does not exist in /etc/passwd
Oct 14 15:21:50 lee-laptop passwd[6614]: pam_mysql - MySQL error (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM user WHERE user.user_name = 'spencer'' at line 1)
Maybe i need more parameters in the pam config files? I am using debian/ubuntu so I use all the common-* files. This what I have.
I'm not sure what the problem was, but instead of following an online guide, i just used the sample.sql and re-configured everything and it all works now.
Only problem is a mysql user cannot change there own password i get: pam_mysql - only super user is allowed to change authentication token.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
NSS (the API I hook into) is incapable of changing passwords -- only PAM can do that. I've thought about writing a module for that (and there's already one out there -- I don't know if it can do it)... but the security implications are crazy because of lingering information in RAM since the user's process would have to pull in a MySQL username and password that's capable of WRITING to the MySQL database... I haven't really thought it through enough.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
How do I debug the libnss-mysql setup? I've configured everything properly as far as I can see, but when I try to login as a user i've created in mysql it says user unknown. Looking in /var/log/auth.log and syslog I don't see anything in there saying why it couldn't.
Hi Lee,
Please have a look at http://libnss-mysql.sourceforge.net/libnss-mysql/DEBUGGING and let me know if you have any questions specific to that document.
Regards,
-=| Ben
Hi Ben,
Thanks for response, my problem was I didn't restart all the services, I actually just rebooted and it fixed my initial problem. I wasn't getting any messages logged in /var/log/auth.log. Now that I am getting messages in here it's at least giving me some more insight as to where to look next.
Here is my next issue. This is from /var/log/auth.log
Oct 14 15:21:50 lee-laptop passwd[6614]: pam_unix(passwd:chauthtok): user "spencer" does not exist in /etc/passwd
Oct 14 15:21:50 lee-laptop passwd[6614]: pam_mysql - MySQL error (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM user WHERE user.user_name = 'spencer'' at line 1)
Maybe i need more parameters in the pam config files? I am using debian/ubuntu so I use all the common-* files. This what I have.
password required pam_mysql.so nullok user=nss-shadow passwd=mypass db=nss_mysql table=user usercolumn=user.user_name passwordcolumn=user.password crypt=1
thanks!
I'm not sure what the problem was, but instead of following an online guide, i just used the sample.sql and re-configured everything and it all works now.
Only problem is a mysql user cannot change there own password i get: pam_mysql - only super user is allowed to change authentication token.
NSS (the API I hook into) is incapable of changing passwords -- only PAM can do that. I've thought about writing a module for that (and there's already one out there -- I don't know if it can do it)... but the security implications are crazy because of lingering information in RAM since the user's process would have to pull in a MySQL username and password that's capable of WRITING to the MySQL database... I haven't really thought it through enough.