aftering install pam-mysql and getting the whole authentication process to work I restarted my MySQL server and it failed to start again compaining that the mysqld user cant be found.
obvisouly then trying to log in as any other user that I created
had failed aswell as mysql server no longer starts up.
Is there a way I can exclude those critical usernames from
pam-mysql so the user root can be read from the default /etc/passwd file along with maybe the sshd user and mysqld user or is there something my missing ?
Thanks
Ilo
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ilo,
It sounds as if you have added the pam_mysql module as a required module for login. You most likely did this by adding it to a generally referenced pam file. These are shortcuts; instead of having to define the same stack of modules eight times over, you can make one file and have each service reference it. This saves a lot of work, but as in your case, can also cause unexpected services to rely on a stack you don't want relied upon.
I would check where and how you had set up the pam_mysql rule in pam. For instance, did you put the pam_mysql directive in a general reference file (i.e. /etc/pam.d/system-auth) or did you place it specifically in a service file (i.e. /etc/pam.d/sshd)?
For now, just comment out your pam_mysql lines and you will be able to restore normal operation. If you have managed to lock yourself out, use a linux boot cd or single user mode to recover. If you need to go this direction, there are plenty of tutorials out there; just search google.
I would highly suggest you consider making a new reference file (i.e. /etc/pam.d/mysql-auth) and making reference to your general reference file with the pam_mysql sprinkled in between where needed.
Also, make certain to look up the proper directives for pam. You might well have setup pam to run the pam_mysql as 'Required'. This means that all other successful entries will still fail a login. You will probably want to use 'Sufficient', but I would recommend reading up on it.
Take a look here: <http://aplawrence.com/Basics/understandingpam.html>
Take Care. -Cheers, Peter.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi
aftering install pam-mysql and getting the whole authentication process to work I restarted my MySQL server and it failed to start again compaining that the mysqld user cant be found.
obvisouly then trying to log in as any other user that I created
had failed aswell as mysql server no longer starts up.
Is there a way I can exclude those critical usernames from
pam-mysql so the user root can be read from the default /etc/passwd file along with maybe the sshd user and mysqld user or is there something my missing ?
Thanks
Ilo
Ilo,
It sounds as if you have added the pam_mysql module as a required module for login. You most likely did this by adding it to a generally referenced pam file. These are shortcuts; instead of having to define the same stack of modules eight times over, you can make one file and have each service reference it. This saves a lot of work, but as in your case, can also cause unexpected services to rely on a stack you don't want relied upon.
I would check where and how you had set up the pam_mysql rule in pam. For instance, did you put the pam_mysql directive in a general reference file (i.e. /etc/pam.d/system-auth) or did you place it specifically in a service file (i.e. /etc/pam.d/sshd)?
For now, just comment out your pam_mysql lines and you will be able to restore normal operation. If you have managed to lock yourself out, use a linux boot cd or single user mode to recover. If you need to go this direction, there are plenty of tutorials out there; just search google.
I would highly suggest you consider making a new reference file (i.e. /etc/pam.d/mysql-auth) and making reference to your general reference file with the pam_mysql sprinkled in between where needed.
Also, make certain to look up the proper directives for pam. You might well have setup pam to run the pam_mysql as 'Required'. This means that all other successful entries will still fail a login. You will probably want to use 'Sufficient', but I would recommend reading up on it.
Take a look here: <http://aplawrence.com/Basics/understandingpam.html>
Take Care. -Cheers, Peter.