I am having problems with PAM/MySQL authentication.
I have no problems logging in to the svn server thought ssh and authentication via the PAM server works. However when I use PAM to authenticate through SVN I am getting DB errors in the logs. Looking at the MySQL query logs I can see that the (Password) query that is being issued to MySQL is incomplete. As far as I know all Apache and Pam config files are correct. I decided to compare the mysql query logs on the currently working server and the new not working server . This comparison is in the end of the e-mail and this how I came to the conclusion that the query is incomplete.
Auth log on SVN server (svntest):
Oct 29 03:46:08 svntest nss-mysql[9707]: _nss_mysql_getspnam_r conf file parsing failed
Oct 29 03:46:08 svntest nss-mysql[9707]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168. 6.43 user=ppragin
Oct 29 03:46:08 svntest nss-mysql[9707]: pam_mysql - MySQL error(You have an error in your SQL syntax; check the manual that c
orresponds to your MySQL server version for the right syntax to use near 'FROM WHERE user.user_name = 'ppragin'' at line 1)
Apache log on SVN server(svntest):
[Mon Oct 29 03:17:49 2007] [error] [client 192.168.] (9)Bad file descriptor: Could not open password file: (null)
[Mon Oct 29 03:17:52 2007] [error] [client 192.168.] PAM: user 'ppragin' - not authenticated: Error in service module
Mysql query log from Pam server when running svn checkout from server (svntest):
131 Connect nss@svntest on nss_mysql
131 Query select user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.gid from user where
user.user_name='ppragin' and user.uid is not null and user.status = 'A' order by user.uid
132 Connect nss-shadow@svntest. on nss_mysql
132 Init DB nss_mysql
132 Query SELECT FROM WHERE user.user_name = 'ppragin'
132 Quit
Mysql query log from Pam server when running svn checkout from server (newsvn):
753 Connect nss@newsvn. on nss_mysql
753 Query select user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.gid from user where user.user_name='ppragin'
and user.uid is not null and user.status = 'A' order by user.uid
753 Query select user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.gid from user where user.user_name='ppragin'
and user.uid is not null and user.status = 'A' order by user.uid
754 Connect nss-shadow@newsvn. on nss_mysql
754 Init DB nss_mysql
754 Query SELECT user.Password FROM user WHERE user.user_name='ppragin'
754 Quit
The difference:
(svntest server) 132 Query SELECT FROM WHERE user.user_name = 'ppragin'
(newsvn server) 754 Query SELECT user.Password FROM user WHERE user.user_name='ppragin'
I can understand why “user.Password” is missing. This is how the password is acquired from table “user” field “Password”.
This is why authentication is failing. One thing I don’t understand is where the information provided for this query comes from.
I don’t see any mention of “user.Password” in any of the config files. Maybe I am missing a step? Any ideas?
Pavel
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1) Your errors are with nss-mysql and not pam-mysql, so you are posting in the wrong place. Sorry.
2) Your nssmysql.conf file should have a directive setting what the password column is. Check your configs again because I am willing to bet you are missing that directive there.
-Cheers, Peter.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am having problems with PAM/MySQL authentication.
I have no problems logging in to the svn server thought ssh and authentication via the PAM server works. However when I use PAM to authenticate through SVN I am getting DB errors in the logs. Looking at the MySQL query logs I can see that the (Password) query that is being issued to MySQL is incomplete. As far as I know all Apache and Pam config files are correct. I decided to compare the mysql query logs on the currently working server and the new not working server . This comparison is in the end of the e-mail and this how I came to the conclusion that the query is incomplete.
Auth log on SVN server (svntest):
Oct 29 03:46:08 svntest nss-mysql[9707]: _nss_mysql_getspnam_r conf file parsing failed
Oct 29 03:46:08 svntest nss-mysql[9707]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168. 6.43 user=ppragin
Oct 29 03:46:08 svntest nss-mysql[9707]: pam_mysql - MySQL error(You have an error in your SQL syntax; check the manual that c
orresponds to your MySQL server version for the right syntax to use near 'FROM WHERE user.user_name = 'ppragin'' at line 1)
Apache log on SVN server(svntest):
[Mon Oct 29 03:17:49 2007] [error] [client 192.168.] (9)Bad file descriptor: Could not open password file: (null)
[Mon Oct 29 03:17:52 2007] [error] [client 192.168.] PAM: user 'ppragin' - not authenticated: Error in service module
Mysql query log from Pam server when running svn checkout from server (svntest):
131 Connect nss@svntest on nss_mysql
131 Query select user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.gid from user where
user.user_name='ppragin' and user.uid is not null and user.status = 'A' order by user.uid
132 Connect nss-shadow@svntest. on nss_mysql
132 Init DB nss_mysql
132 Query SELECT FROM WHERE user.user_name = 'ppragin'
132 Quit
Mysql query log from Pam server when running svn checkout from server (newsvn):
753 Connect nss@newsvn. on nss_mysql
753 Query select user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.gid from user where user.user_name='ppragin'
and user.uid is not null and user.status = 'A' order by user.uid
753 Query select user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.gid from user where user.user_name='ppragin'
and user.uid is not null and user.status = 'A' order by user.uid
754 Connect nss-shadow@newsvn. on nss_mysql
754 Init DB nss_mysql
754 Query SELECT user.Password FROM user WHERE user.user_name='ppragin'
754 Quit
The difference:
(svntest server) 132 Query SELECT FROM WHERE user.user_name = 'ppragin'
(newsvn server) 754 Query SELECT user.Password FROM user WHERE user.user_name='ppragin'
I can understand why “user.Password” is missing. This is how the password is acquired from table “user” field “Password”.
This is why authentication is failing. One thing I don’t understand is where the information provided for this query comes from.
I don’t see any mention of “user.Password” in any of the config files. Maybe I am missing a step? Any ideas?
Pavel
Pavel,
Two key things...
1) Your errors are with nss-mysql and not pam-mysql, so you are posting in the wrong place. Sorry.
2) Your nssmysql.conf file should have a directive setting what the password column is. Check your configs again because I am willing to bet you are missing that directive there.
-Cheers, Peter.