From: Moriyoshi K. <mor...@at...> - 2005-08-22 10:49:36
Hi,

On 2005/08/20, at 18:42, Adrian Mak wrote:

> While reading a postfix installation guide on the Internet, I found
> that to let SASL authenticate against a mysql db, besides compiling
> SASL to support mysql (direct authenticate), another method is to let
> SASL use PAM and let PAM authenticate against a mysql db.
>
> Using PAM is far simpler as I don't need to add the MD5 patch
> and recompile SASL. PAM-Mysql does support MD5.
>
> I downloaded the pam-mysql 0.6 tarball
> I performed
>
> ./configure --with-mysql=/usr/local/mysql --with-openssl --with-sas2
> during the configuration process,
>
> checking if "/usr/local/mysql" is a mysql_config script... no
> checking mysql_config availability in /usr/local/mysql/bin... yes
> checking for mysql_real_query... yes
> checking for mysql_real_escape_string... yes
> checking for pkg-config... /usr/bin/pkg-config
> checking pkg-config is at least version 0.9.0... yes
> checking for openssl_CFLAGS... -I/usr/kerberos/include
> checking for openssl_LIBS... -L/usr/kerberos/lib -lssl -lcrypto
> -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto -lresolv -ldl -lz
> checking pam_appl.h usability... yes
> checking pam_appl.h presence... yes
> checking for pam_appl.h... yes
> checking pam_modules.h usability... yes
> checking PAM_CONV_AGAIN availability... yes
> checking PAM_INCOMPLETE availability... yes
> checking if the second argument of pam_get_user() takes const
> pointer... yes
> checking if the third argument of pam_get_data() takes const
> pointer... yes
> checking if the third argument of pam_get_item() takes const
> pointer... yes
> checking if the second argument of pam_conv.conv() takes const
> pointer... yes
> checking if md5.h is derived from Cyrus SASL Version 1... yes
> checking for crypt in -lcrypt... yes
> checking for crypt... yes
> configure: creating ./config.status
> config.status: creating Makefile
>
> does it mean it can find mysql & sasl libraries and headers ? and also
> during the make process, it is linking to mysql libraries and database

Yes. It went successfully.

> Then I copied pam_mysql.so to /lib/security/
> I created /etc/pam.d/smtp and added two lines
> auth sufficient pam_mysql.so user=postfixuser
> passwd=userpostfix host=localhost db=postfix
> table=mailbox usercolumn=username passwdcolumn=password crypt=1
> account sufficient pam_mysql.so user=postfixuser
> passwd=userpostfix host=localhost db=postfix
> table=mailbox usercolumn=username passwdcolumn=password crypt=1
>
> restart saslauthd and postfix
> I tried testsaslauthd to test whether it can authenticate a user which
> is stored in the db
> # /usr/sbin/testsaslauthd -u adr...@ex... -p secret
> 0: NO "authentication failed"

You have to explicitly specify the service name to testsaslauthd, with the -s option. It should've been like:

testsaslauthd -u .... -p secret -s smtp

You may also want to check out the following entry in the FAQ:

http://pam-mysql.sourceforge.net/Documentation/FAQ.php#q5

Regards,
Moriyoshi