From: xyon <xy...@in...> - 2007-04-04 14:00:13
Thank you very much for the samples!

I've extracted your data and have come up with the below configs. Yet, I am still getting the same error that SELECT returned no result. I can run the same query with results just fine manually as the scalix user from the scalix host.

I've gone from pam_mysql 0.6.2 to 0.7RC1, yet the same results.

# cat /var/opt/scalix/sx/s/sys/pam.d/ual.remote
#%PAM-1.0
#auth required /lib/security/pam_stack.so service=system-auth
#account required /lib/security/pam_stack.so service=system-auth
auth sufficient /lib/security/pam_mysql.so config_file=/etc/pam-mysql.conf
account sufficient /lib/security/pam_mysql.so config_file=/etc/pam-mysql.conf

# cat /etc/pam-mysql.conf
users.host = 127.0.0.1;
users.database = staging;
users.db_user = scalix;
users.db_passwd = mypass;
#users.where_clause = domainusers.active = 1 and domains.active=1 and servers.active = 1 and servers.server_name in ('servername','*');
#users.table = domainusers inner join domains on domainusers.domain_id = domains.domain_id inner join servers on domains.server_id = servers.server_id;
users.table = users;
users.user_column = scalix;
users.password_column = pwd;
#users.status_column = 'A';
users.password_crypt = 0;
users.use_323_password = false;
users.use_md5 = false;
users.update_table = ;
verbose = 1;

On Tue, 2007-04-03 at 15:51 -0700, Gary W. Smith wrote:
> Hmm, I guess I didn't use the complete SQL statement. That was
> nss-mysql. Anyway, here is my pam-mysql statement. This may or may not
> work for you. I have to create a custom patch of either pam-mysql or
> nss-mysql to use my complicated joins. I can't remember which one off
> the top of my head and the code isn't readily available where I'm at
> today. Anyway, here is the pam.d/ file and the pam-mysql.conf file
> (which is loaded from the pam.d/ file).
>
> Please note that this is from one of our dev boxes and the passwords are
> in clear text
>
> Hope this helps.
>
> [root@ etc]# cat pam.d/pop3
> #%PAM-1.0
> #auth required /lib/security/pam_stack.so service=system-auth
> #account required /lib/security/pam_stack.so service=system-auth
>
> auth sufficient /lib/security/pam_mysql.so config_file=/etc/pam-mysql.conf
> auth required /lib/security/pam_stack.so service=system-auth
> account sufficient /lib/security/pam_mysql.so config_file=/etc/pam-mysql.conf
> account required /lib/security/pam_stack.so service=system-auth
> session required pam_mkhomedir.so skel=/etc/skel umask=0077
>
> [root@ etc]# cat pam-mysql.conf
> users.host = ;
> users.database = ;
> users.db_user = ;
> users.db_passwd = ;
>
> users.where_clause = domainusers.active = 1 and domains.active=1 and servers.active = 1 and servers.server_name in ('servername','*');
>
> users.table = domainusers inner join domains on domainusers.domain_id = domains.domain_id inner join servers on domains.server_id = servers.server_id;
>
> users.user_column = domainusers.user_name;
> users.password_column = domainusers.shell_password;
> users.status_column = 'A';
> users.password_crypt = 0;
> users.use_323_password = false;
> users.use_md5 = false;
> users.update_table = ;
>
> verbose = 0;
>
>
> > -----Original Message-----
> > From: pam...@li... [mailto:pam-
> > mys...@li...] On Behalf Of xyon
> > Sent: Tuesday, April 03, 2007 3:44 PM
> > To: Gary W. Smith
> > Cc: pam...@li...
> > Subject: Re: [Pam-mysql-general] SELECT returned no result
> >
> > Hi Gary,
> >
> > Thank you so much for your reply.
> >
> > I thought I had debugging turned on with "verbose=1", but perhaps
> > there's even more verbose debugging available?
> >
> > Here is what I've extracted from /var/log/secure (I apologize for the
> > bad formatting in my previous message):
> > pam_mysql - SELECT pwd FROM users WHERE scalix = 'UserTestscalixTest User'
> >
> > I didn't realize you could use a fully customized SQL statement with
> > PAM_MySQL. Would you mind sharing some of your config, please?
> >
> > Thank you,
> >
> > On Tue, 2007-04-03 at 15:17 -0700, Gary W. Smith wrote:
> > > Xyon,
> > >
> > > Try to turn on debugging for pam-mysql. If you do that then it will
> > > put the full SQL statement executed into the security log (or
> > > /var/log/secure on Linux). This will help see what pam-mysql is
> > > thinking. It's possible that it's doing something completely
> > > different than what you are expecting.
> > >
> > > Personally I use a custom SQL statement with pam-mysql.
> > >
> > > Hope that helps.
> > >
> > > Gary Wayne Smith
> > >
> > > > -----Original Message-----
> > > > From: pam...@li... [mailto:pam-
> > > > mys...@li...] On Behalf Of xyon
> > > > Sent: Tuesday, April 03, 2007 2:06 PM
> > > > To: pam...@li...
> > > > Subject: [Pam-mysql-general] SELECT returned no result
> > > >
> > > > Good day to everyone,
> > > >
> > > > I am having a hard time getting pam_mysql to work with a custom
> > > > database.
> > > > Here is some information:
> > > >
> > > >
> > > > Code:
> > > >
> > > > # grep -v ^# /var/opt/scalix/sx/s/sys/pam.d/ual.remote
> > > >
> > > > auth sufficient /lib/security/pam_mysql.so \
> > > >     user=scalix passwd=mypass \
> > > >     host=127.0.0.1 db=staging table=users \
> > > >     usercolumn=scalix passwdcolumn=pwd \
> > > >     crypt=0 verbose=1
> > > > auth required pam_deny
> > > >
> > > > account required om_auth
> > > > password required om_auth nullok
> > > >
> > > >
> > > > /var/log/secure:
> > > > Code:
> > > >
> > > > Apr 2 17:24:45 scalix in.imap41d: pam_mysql - SELECT pwd FROM users WHERE scalix = 'UserTestscalixTest User'
> > > > Apr 2 17:24:45 scalix in.imap41d: pam_mysql - SELECT returned no result.
> > > > Apr 2 17:24:45 scalix in.imap41d: pam_mysql - pam_mysql_check_passwd() returning 1.
> > > > Apr 2 17:24:45 scalix in.imap41d: pam_mysql - pam_sm_authenticate() returning 10.
> > > >
> > > >
> > > >
> > > > Code:
> > > >
> > > > mysql> SELECT pwd FROM users WHERE scalix = 'UserTestscalixTest
> > > > mysql> User';
> > > > +------+
> > > > | pwd  |
> > > > +------+
> > > > | test |
> > > > +------+
> > > > 1 row in set (0.00 sec)
> > > >
> > > > mysql>
> > > >
> > > >
> > > >
> > > > As you can see running the query manually brings back results, but
> > > > it appears it doesn't when run from pam_mysql.
> > > >
> > > > Perhaps I have a misconfiguration in the ual.remote file? The
> > > > ual.remote file is used by Scalix to login web/imap/pop users.
> > > >
> > > > Is there a way to test pam_mysql without scalix being involved so I can
> > > > narrow down the culprits?
> > > >
> > > > Thanks,
> > > >
> > > > --
> > > > xyon
> > > >
> > > > ------------------------------------------------------------------------
> > > > "They who can give up essential liberty to obtain a little temporary
> > > > safety deserve neither liberty nor safety."
> > > > --Benjamin Franklin
> > > > ------------------------------------------------------------------------
> >
> > --
> > xyon
> >
> > -------------------------------------------------------------------------
> > "They who can give up essential liberty to obtain a little temporary
> > safety deserve neither liberty nor safety." --Benjamin Franklin
> > -------------------------------------------------------------------------
>

--
xyon

-------------------------------------------------------------------------
"They who can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." --Benjamin Franklin
-------------------------------------------------------------------------
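
Added example, not part of the original messages and not pam_mysql code: a small parser for the `verbose=1` lines quoted in the thread that extracts the exact user name the service handed to PAM and names the final return code. The code-to-name table is the Linux-PAM numbering from `<security/_pam_types.h>`; the log text is a constructed, unwrapped copy of the lines in the thread, and `summarize` is a hypothetical helper name.

```python
import re

# Linux-PAM return codes (subset) as defined in <security/_pam_types.h>.
PAM_CODES = {0: "PAM_SUCCESS", 4: "PAM_SYSTEM_ERR", 6: "PAM_PERM_DENIED",
             7: "PAM_AUTH_ERR", 9: "PAM_AUTHINFO_UNAVAIL", 10: "PAM_USER_UNKNOWN"}

# Constructed sample: the /var/log/secure lines from the thread, unwrapped.
SAMPLE_LOG = """\
Apr 2 17:24:45 scalix in.imap41d: pam_mysql - SELECT pwd FROM users WHERE scalix = 'UserTestscalixTest User'
Apr 2 17:24:45 scalix in.imap41d: pam_mysql - SELECT returned no result.
Apr 2 17:24:45 scalix in.imap41d: pam_mysql - pam_mysql_check_passwd() returning 1.
Apr 2 17:24:45 scalix in.imap41d: pam_mysql - pam_sm_authenticate() returning 10.
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<proc>[^:]+): pam_mysql - (?P<msg>.*)$")
SELECT_RE = re.compile(r"^SELECT .* WHERE (?P<col>\S+) = '(?P<user>.*)'$")
RETURN_RE = re.compile(r"^(?P<func>pam_sm_\w+)\(\) returning (?P<code>-?\d+)\.$")


def summarize(log_text):
    """Group pam_mysql verbose lines into one record per pam_sm_* call."""
    attempts, current = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a pam_mysql syslog line
        msg = m.group("msg")
        sel, ret = SELECT_RE.match(msg), RETURN_RE.match(msg)
        if sel:
            user = sel.group("user")
            current = {"service": m.group("proc"), "column": sel.group("col"),
                       "user": user, "no_row": False}
            # Whitespace or control characters in the name are easy to miss by eye.
            current["odd_chars"] = sorted(
                {c for c in user if c.isspace() or not c.isprintable()})
        elif msg.startswith("SELECT returned no result"):
            current["no_row"] = True
        elif ret:
            code = int(ret.group("code"))
            current["call"] = ret.group("func")
            current["result"] = PAM_CODES.get(code, "unknown(%d)" % code)
            attempts.append(current)
            current = {}
    return attempts


if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(rec["service"], repr(rec["user"]), rec["odd_chars"], rec["result"])
```

A non-empty `odd_chars` list means the name the service passed to PAM contains whitespace or control characters, so it is worth comparing byte for byte with the value stored in the user column.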