From: Gary W. S. <ga...@pr...> - 2006-10-22 19:41:22
So it works with clear text. Now try using one of the encrypted methods and see if that works. If it doesn't, then more than likely the way you are storing the password in mysql isn't compatible with the native methods supported by pam_mysql. If this is the case you are caught in a pickle... In our case we modified pam_mysql to support our own methodology.

Also, I would recommend storing everything in a config file rather than in the pam lines. This way you only have to change it in one place.

Here is an example of my config file from dev.

/etc/pam-mysql.conf (permissions is 600)

users.host = 10.0.94.15;
users.database = auth-dev;
users.db_user = auth-reader;
users.db_passwd = password;
users.where_clause = users.active=1;
users.table = users;
users.user_column = users.user_name;
users.password_column = users.shell_password;
users.status_column = 'A';
users.password_crypt = 0;
users.use_323_password = false;
users.use_md5 = false;
users.update_table = ;
verbose = 1;

/etc/pam.d/ftp (permissions is 644)

#%PAM-1.0
# Currently used by proftpd
auth sufficient /lib/security/pam_mysql.so config_file=/etc/pam-mysql.conf
auth required /lib/security/pam_pwdb.so shadow nullok
account sufficient /lib/security/pam_mysql.so config_file=/etc/pam-mysql.conf
account required /lib/security/pam_pwdb.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077

________________________________

From: kamtcha [mailto:ka...@gm...]
Sent: Sunday, October 22, 2006 12:30 PM
To: Gary W. Smith
Cc: pam...@li...
Subject: Re: [Pam-mysql-general] what the error code of the methods mean ?

Hi Gary,

Thanks for your help - I'm in fact trying to do something quite complex which is trying to setup virtual users authenticated with pam_mysql.

I ran the SQL statement alone, and it does return the right password.

I inserted the password in clear, and set the 'crypt' attribute to 0.
Here is my vsftpd file located in /etc/pam.d :

auth required pam_mysql.so host=localhost db=bookmi user=XXXX passwd=XXXXX table=users usercolumn=user_name passwdcolumn=password crypt=0 verbose=1
account required pam_mysql.so host=localhost db=bookmi user=XXXX passwd=XXXXX table=users usercolumn=user_name passwdcolumn=password crypt=0 verbose=1

And now it works... Don't know what change made it working !

Thx for your reply,
Seb

On 21 Oct 2006, at 01:10, Gary W. Smith wrote:

Hello,

Try posting the relevant sections of your pam-mysql.conf file.

I don't remember what return value 6 is (as I dug into the code and made some changes myself) but you might want to look that up in the source. I suspect that it's one of two things; record not found or password doesn't match.

Try running the sql statement in manually and see if it does indeed return a code.

The other thing I would recommend trying (only for development though) is to use clear text passwords first and see if auth works. Then use your preferred method once things are working fine. When we first tried this we ran into the issue of our tools using a different method than pam-mysql for the encryption of the password.

Gary Wayne Smith

________________________________

From: pam...@li... [mailto:pam...@li...] On Behalf Of kamtcha
Sent: Friday, October 20, 2006 3:01 PM
To: pam...@li...
Subject: [Pam-mysql-general] what the error code of the methods mean ?

Hi guys,

I posted a help message on the forum a few days ago, but it does not seem to be very active, I hope someone will be able to help me on this list ?

I'm stuck with the error code returned by the functions of pam-mysql, I don't know if the different methods are successful or not (well, they aren't as I can't be authenticated, but I don't know *why*)

pam_mysql - option verbose is set to "1"
pam_mysql - pam_mysql_close_db() called.
pam_mysql - pam_sm_authenticate() called.
pam_mysql - pam_mysql_converse() called.
pam_mysql - pam_mysql_open_db() called.
pam_mysql - pam_mysql_open_db() returning 0.
pam_mysql - pam_mysql_check_passwd() called.
pam_mysql - pam_mysql_format_string() called
pam_mysql - pam_mysql_quick_escape() called.
pam_mysql - SELECT password FROM users WHERE user_name = 'user1'
pam_mysql - pam_mysql_sql_log() called.
pam_mysql - pam_mysql_sql_log() returning 0.
pam_mysql - pam_mysql_check_passwd() returning 6.
pam_mysql - pam_sm_authenticate() returning 7.
pam_mysql - pam_mysql_release_ctx() called.
pam_mysql - pam_mysql_destroy_ctx() called.
pam_mysql - pam_mysql_close_db() called.

All the details are here:
http://sourceforge.net/forum/forum.php?thread_id=1595166&forum_id=17691

Please can you help me ?

Seb
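
Gary's advice in this thread, to find out whether the way a password is stored in MySQL matches one of pam_mysql's native methods, can be checked offline for a test account whose password is known. The script below is an added example, not part of the original thread or of pam_mysql. It assumes the crypt numbering of the pam_mysql 0.7 README (0 plain, 1 crypt(3), 2 MySQL PASSWORD(), 3 MD5, 4 SHA1) applies to the installed version; the function names and sample values are constructed.

```python
import hashlib
import re

# Settings 0, 2, 3 and 4 are checked by recomputing the value from a known
# test password; crypt(3) and pre-4.1 MySQL hashes are recognised by shape only.
CRYPT_SHAPE = re.compile(r"^(\$[0-9a-z]+\$.+|[./0-9A-Za-z]{13})$")
OLD_MYSQL_SHAPE = re.compile(r"^[0-9a-fA-F]{16}$")


def mysql41_password(plaintext):
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def matching_crypt_settings(stored, plaintext):
    """List the pam_mysql crypt settings consistent with a stored value.

    Entries ending in '?' matched by shape only and were not verified.
    An empty list means none of the native methods fits the stored format.
    """
    data = plaintext.encode()
    computed = {
        "0 (plain)": plaintext,
        "2 (mysql)": mysql41_password(plaintext),
        "3 (md5)": hashlib.md5(data).hexdigest(),
        "4 (sha1)": hashlib.sha1(data).hexdigest(),
    }
    hits = [name for name, value in computed.items() if stored == value]
    if hits:
        return hits
    if OLD_MYSQL_SHAPE.match(stored):
        hits.append("2 (mysql) with use_323_password?")
    if CRYPT_SHAPE.match(stored):
        hits.append("1 (crypt(3))?")
    return hits


if __name__ == "__main__":
    # Constructed sample rows: (stored column value, known test password)
    samples = [
        ("password", "password"),
        ("5f4dcc3b5aa765d61d8327deb882cf99", "password"),
        ("*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19", "password"),
        ("sha256:9f86d081884c7d65", "test"),
    ]
    for stored, plaintext in samples:
        result = matching_crypt_settings(stored, plaintext)
        print(stored, "->", result or "no native method")
```

An empty result is the "caught in a pickle" case from the reply: the stored format is not one pam_mysql can verify natively, so either the storage format or the module has to change.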