Menu
▾
▴
[Pam-mysql-general] PAM-mysql seems not work
|
From: Adrian M. <mak...@gm...> - 2005-08-20 09:42:52
|
During reading postfix installation guide on the Internet , I found that to let SASL authenciate against a mysql db, besides compiling SASL to support mysql (direct authenicate) , another method is to let SASL use PAM and let PAM to authenticate against a mysql db. Using PAM is far more simply as I don't need to add MD5 patch and reconmpile SASL. PAM-Mysql does support MD5. I downloaded pam-mysql 0.6 tarball I performed ./configure --with-mysql=3D/usr/local/mysql --with-openssl --with-sas2 during the configuration process, checking if "/usr/local/mysql" is a mysql_config script... no checking mysql_config availability in /usr/local/mysql/bin... yes checking for mysql_real_query... yes checking for mysql_real_escape_string... yes checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for openssl_CFLAGS... -I/usr/kerberos/include checking for openssl_LIBS... -L/usr/kerberos/lib -lssl -lcrypto -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz checking pam_appl.h usability... yes checking pam_appl.h presence... yes checking for pam_appl.h... yes checking pam_modules.h usability... yes checking PAM_CONV_AGAIN availability... yes checking PAM_INCOMPLETE availability... yes checking if the second argument of pam_get_user() takes const pointer... ye= s checking if the third argument of pam_get_data() takes const pointer... yes checking if the third argument of pam_get_item() takes const pointer... yes checking if the second argument of pam_conv.conv() takes const pointer... y= es checking if md5.h is derived from Cyrus SASL Version 1... yes checking for crypt in -lcrypt... yes checking for crypt... yes configure: creating ./config.status config.status: creating Makefile does it mean it can find mysql & sasl libraries and headers ? and also during the make process, it is linking to mysql libraries and database Then I copied pam_mysql.so to /lib/security/ I created /etc/pam.d/smtp, add two lines is added auth sufficient pam_mysql.so user=3Dpostfixuser passwd=3Duserpostfix host=3Dlocalhost db=3Dpostfix table=3Dmailbox usercolumn=3Dusername passwdcolumn=3Dpassword crypt=3D1 account sufficient pam_mysql.so user=3Dpostfixuser passwd=3Duserpostfix host=3Dlocalhost db=3Dpostfix table=3Dmailbox usercolumn=3Dusername passwdcolumn=3Dpassword crypt=3D1 restart sasuthd and postfix I tried testsaslauth to test whether it can authenitcate user which stored = in db # /usr/sbin/testsaslauthd -u adr...@ex... -p secret 0: NO "authentication failed" /var/log/message showed Aug 20 10:46:12 dmhy imap(pam_unix)[19757]: check pass; user unknown Aug 20 10:46:12 dmhy imap(pam_unix)[19757]: authentication failure; logname=3D uid=3D0 euid=3D0 tty=3D ruser=3D rhost=3D Aug 20 10:46:14 dmhy saslauthd[19757]: do_auth : auth failure: [user=3Da...@ex...] [service=3Dimap] [realm=3D] [mech=3Dpam] [reason=3DPAM auth error] What's wrong with it ? |
