Menu
▾
▴
pam-mysql-general — A general list for PAM-MYSQL, subscribe if you want to ask anything :)
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(3) |
Jul
|
Aug
(2) |
Sep
(4) |
Oct
|
Nov
(6) |
Dec
(4) |
| 2003 |
Jan
(5) |
Feb
(4) |
Mar
(1) |
Apr
(2) |
May
(4) |
Jun
(7) |
Jul
(1) |
Aug
(3) |
Sep
(5) |
Oct
(11) |
Nov
(7) |
Dec
(5) |
| 2004 |
Jan
(3) |
Feb
|
Mar
|
Apr
(2) |
May
(1) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(6) |
Nov
|
Dec
|
| 2005 |
Jan
|
Feb
|
Mar
(3) |
Apr
|
May
|
Jun
(11) |
Jul
(14) |
Aug
(2) |
Sep
(20) |
Oct
(4) |
Nov
|
Dec
|
| 2006 |
Jan
(9) |
Feb
|
Mar
(5) |
Apr
(4) |
May
(3) |
Jun
(4) |
Jul
(4) |
Aug
(1) |
Sep
(3) |
Oct
(9) |
Nov
(16) |
Dec
(12) |
| 2007 |
Jan
(24) |
Feb
(12) |
Mar
(5) |
Apr
(23) |
May
(3) |
Jun
(14) |
Jul
(3) |
Aug
(6) |
Sep
(4) |
Oct
(2) |
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
(1) |
Mar
(1) |
Apr
(16) |
May
(10) |
Jun
(8) |
Jul
(24) |
Aug
(11) |
Sep
(2) |
Oct
|
Nov
(2) |
Dec
|
| 2009 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(1) |
| 2010 |
Jan
(5) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: <jo...@no...> - 2004-10-05 17:08:08
|
Although I have no experience with vsftpd, I would like to add some suggestions. See what happens when you alter the /etc/pam.d/vsftp to something like this: auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed auth optional pam_mysql.so user=root passwd=<pass> db=filexfer table=user usercolumn=username passwdcolumn=passwd crypt=0 sqllog=0 account required pam_mysql.so user=root passwd=<pass> db=filexfer table=user usercolumn=username passwdcolumn=passwd crypt=0 sqllog=0 I took out 4 of the auth lines since it could be that system-auth pam.d file is causing a requirement to go unfulfilled. Let me know how it turns out, if not I can attempt to duplicate the problem tomorrow. - Joe > Send Pam-mysql-general mailing list submissions to > pam...@li... > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/pam-mysql-general > or, via email, send a message with subject or body 'help' to > pam...@li... > > You can reach the person managing the list at > pam...@li... > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Pam-mysql-general digest..." > > > Today's Topics: > > 1. pam_mysql + vsftpd (Anoop Bhat) > > --__--__-- > > Message: 1 > Date: Mon, 04 Oct 2004 16:46:37 -0500 > From: "Anoop Bhat" <ab...@in...> > To: pam...@li... > Subject: [Pam-mysql-general] pam_mysql + vsftpd > > Hi, > > I've sent this email to the vsftpd developer as well and wondering if i > can get some ideas on what i'm doing wrong here. > > has anyone got vsftpd and mysql working together for auth on rhel 3? > > here is the mail i sent to chris evans, anyone have any idea where my > configs are failing? > > ==================== > Hi Chris, > > I'm trying to implement vsftpd with pam_mysql and the documentation out > there for it is quite scarce. Perhaps you can help me identify the > problem? > > I think you will find this info useful > > I'm running Redhat Enterprise 3.0 on an HP Proliant DL360 G2. > > Mysql and VSFTPD are installed and so is pam_mysql.so in /lib/security. > The db is filexfer and the table is user and the passwords are stored in > clear text (not my implementation). > > my /etc/pam.d/vsftp contains > > auth required pam_listfile.so item=user sense=deny > file=/etc/vsftpd.ftpusers onerr=succeed > auth required pam_stack.so service=system-auth > auth required pam_shells.so > account required pam_stack.so service=system-auth > session required pam_stack.so service=system-auth > > auth optional pam_mysql.so user=root passwd=<pass> db=filexfer > table=user usercolumn=username passwdcolumn=passwd crypt=0 sqllog=0 > account required pam_mysql.so user=root passwd=<pass> db=filexfer > table=user usercolumn=username passwdcolumn=passwd crypt=0 sqllog=0 > > > and I am able to log select statements as well > > mysqld.log shows > > 041004 13:09:41 4 Connect root@localhost on filexfer > 4 Init DB filexfer > 4 Query SELECT passwd FROM user WHERE > username='jbayerdc' > 4 Quit > > > when jbayerdc tries to log in. Note that jbayerdc is not a system > account at all. my personal account on the system however does have > access. > > /var/log/messages shows > > Oct 4 13:09:41 testkick vsftpd(pam_unix)[1684]: check pass; user unknown > Oct 4 13:09:41 testkick vsftpd(pam_unix)[1684]: authentication failure; > logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1 > Oct 4 13:09:41 testkick vsftpd[1684]: pam_sm_authenticate called. > Oct 4 13:09:41 testkick vsftpd[1684]: dbuser changed. > Oct 4 13:09:41 testkick vsftpd[1684]: dbpasswd changed. > Oct 4 13:09:41 testkick vsftpd[1684]: database changed. > Oct 4 13:09:41 testkick vsftpd[1684]: table changed. > Oct 4 13:09:41 testkick vsftpd[1684]: usercolumn changed. > Oct 4 13:09:41 testkick vsftpd[1684]: passwdcolumn changed. > Oct 4 13:09:41 testkick vsftpd[1684]: crypt changed. > Oct 4 13:09:41 testkick vsftpd[1684]: sqllog changed. > Oct 4 13:09:41 testkick vsftpd[1684]: db_connect called. > Oct 4 13:09:41 testkick vsftpd[1684]: returning 0 . > Oct 4 13:09:41 testkick vsftpd[1684]: db_checkpasswd called. > Oct 4 13:09:41 testkick vsftpd[1684]: pam_mysql: where clause = > Oct 4 13:09:41 testkick vsftpd[1684]: SELECT passwd FROM user WHERE > username='jbayerdc' > Oct 4 13:09:41 testkick vsftpd[1684]: sqlLog called. > Oct 4 13:09:41 testkick vsftpd[1684]: returning 0 . > Oct 4 13:09:41 testkick vsftpd[1684]: returning 0. > > > logging in shows > > Connected to localhost (127.0.0.1). > 220 (vsFTPd 1.2.0) > Name (localhost:anoop): jbayerdc > 331 Please specify the password. > Password: > 530 Login incorrect. > Login failed. > ftp> bye > 221 Goodbye. > > > Any reason as to why its not logging in? Thanks in advance for any help > you can provide. > > btw, are there any mailing lists regarding vsftpd? > > thanks > > Anoop > ====================== > > any ideas? > > thanks > > anoop > > > > --__--__-- > > _______________________________________________ > Pam-mysql-general mailing list > Pam...@li... > https://lists.sourceforge.net/lists/listinfo/pam-mysql-general > > > End of Pam-mysql-general Digest > |
|
From: Anoop B. <ab...@in...> - 2004-10-04 21:47:27
|
Hi,
I've sent this email to the vsftpd developer as well and wondering if i
can get some ideas on what i'm doing wrong here.
has anyone got vsftpd and mysql working together for auth on rhel 3?
here is the mail i sent to chris evans, anyone have any idea where my
configs are failing?
====================
Hi Chris,
I'm trying to implement vsftpd with pam_mysql and the documentation out
there for it is quite scarce. Perhaps you can help me identify the problem?
I think you will find this info useful
I'm running Redhat Enterprise 3.0 on an HP Proliant DL360 G2.
Mysql and VSFTPD are installed and so is pam_mysql.so in /lib/security.
The db is filexfer and the table is user and the passwords are stored in
clear text (not my implementation).
my /etc/pam.d/vsftp contains
auth required pam_listfile.so item=user sense=deny
file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
auth optional pam_mysql.so user=root passwd=<pass> db=filexfer
table=user usercolumn=username passwdcolumn=passwd crypt=0 sqllog=0
account required pam_mysql.so user=root passwd=<pass> db=filexfer
table=user usercolumn=username passwdcolumn=passwd crypt=0 sqllog=0
and I am able to log select statements as well
mysqld.log shows
041004 13:09:41 4 Connect root@localhost on filexfer
4 Init DB filexfer
4 Query SELECT passwd FROM user WHERE
username='jbayerdc'
4 Quit
when jbayerdc tries to log in. Note that jbayerdc is not a system
account at all. my personal account on the system however does have access.
/var/log/messages shows
Oct 4 13:09:41 testkick vsftpd(pam_unix)[1684]: check pass; user unknown
Oct 4 13:09:41 testkick vsftpd(pam_unix)[1684]: authentication failure;
logname= uid=0 euid=0 tty= ruser= rhost=127.0.0.1
Oct 4 13:09:41 testkick vsftpd[1684]: pam_sm_authenticate called.
Oct 4 13:09:41 testkick vsftpd[1684]: dbuser changed.
Oct 4 13:09:41 testkick vsftpd[1684]: dbpasswd changed.
Oct 4 13:09:41 testkick vsftpd[1684]: database changed.
Oct 4 13:09:41 testkick vsftpd[1684]: table changed.
Oct 4 13:09:41 testkick vsftpd[1684]: usercolumn changed.
Oct 4 13:09:41 testkick vsftpd[1684]: passwdcolumn changed.
Oct 4 13:09:41 testkick vsftpd[1684]: crypt changed.
Oct 4 13:09:41 testkick vsftpd[1684]: sqllog changed.
Oct 4 13:09:41 testkick vsftpd[1684]: db_connect called.
Oct 4 13:09:41 testkick vsftpd[1684]: returning 0 .
Oct 4 13:09:41 testkick vsftpd[1684]: db_checkpasswd called.
Oct 4 13:09:41 testkick vsftpd[1684]: pam_mysql: where clause =
Oct 4 13:09:41 testkick vsftpd[1684]: SELECT passwd FROM user WHERE
username='jbayerdc'
Oct 4 13:09:41 testkick vsftpd[1684]: sqlLog called.
Oct 4 13:09:41 testkick vsftpd[1684]: returning 0 .
Oct 4 13:09:41 testkick vsftpd[1684]: returning 0.
logging in shows
Connected to localhost (127.0.0.1).
220 (vsFTPd 1.2.0)
Name (localhost:anoop): jbayerdc
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> bye
221 Goodbye.
Any reason as to why its not logging in? Thanks in advance for any help
you can provide.
btw, are there any mailing lists regarding vsftpd?
thanks
Anoop
======================
any ideas?
thanks
anoop
|
|
From: <jo...@no...> - 2004-04-09 23:41:04
|
OK...so I saw a post to the forum with a question about sqllog not sending
a hostname to the log table. I am having the same problem with no errors
being presented. I found that the hostname lookup is failing:
if (getpeername(0, (struct sockaddr *) &remoteaddr, &salen) == 0 &&
remoteaddr.sin_family == AF_INET)
and is therefore being set to "".
Was this issue ever resolved for that user? Is anyone else having this
issue? I am running RedHat 9. Any ideas about what could be the problem
would be greatly appreciated.
Thanks.
|
|
From: <lst...@kw...> - 2004-01-15 13:21:58
|
Zitat von TAX <TA...@pe...>: > i use use pam_mysql system happen error below > > > [root@xzdb src]# ls > pam_mysql pam_mysql-0.5.tar.gz > [root@xzdb src]# cd pam_mysql > [root@xzdb pam_mysql]# ls > Changelog CREDITS Makefile Makefile.bsd pam_mysql.c Readme > [root@xzdb pam_mysql]# vi +54 pam_mysql.c > [root@xzdb pam_mysql]# make > mkdir -p ./dynamic > gcc -O2 -Dlinux -DLINUX_PAM -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings > -Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional > -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline > -Wshadow -pedantic -fPIC -DPAM_DYNAMIC -c pam_mysql.c -o > dynamic/pam_mysql.o > gcc -shared -Xlinker -x -L/usr/lib/mysql -lz -o pam_mysql.so > dynamic/pam_mysql.o -lmysqlclient -lcrypt > /usr/bin/ld: cannot find -lz > collect2: ld returned 1 exit status > make: *** [pam_mysql.so] Error 1 > You should install the zlib package ... Regards Andreas |
|
From: TAX <TA...@pe...> - 2004-01-14 16:24:40
|
i use use pam_mysql system happen error below
[root@xzdb src]# ls
pam_mysql pam_mysql-0.5.tar.gz
[root@xzdb src]# cd pam_mysql
[root@xzdb pam_mysql]# ls
Changelog CREDITS Makefile Makefile.bsd pam_mysql.c Readme
[root@xzdb pam_mysql]# vi +54 pam_mysql.c
[root@xzdb pam_mysql]# make
mkdir -p ./dynamic
gcc -O2 -Dlinux -DLINUX_PAM -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings
-Wpointer-arith -Wcast-qual -Wcast-align -Wtraditional
-Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline
-Wshadow -pedantic -fPIC -DPAM_DYNAMIC -c pam_mysql.c -o
dynamic/pam_mysql.o
gcc -shared -Xlinker -x -L/usr/lib/mysql -lz -o pam_mysql.so
dynamic/pam_mysql.o -lmysqlclient -lcrypt
/usr/bin/ld: cannot find -lz
collect2: ld returned 1 exit status
make: *** [pam_mysql.so] Error 1
:-> I hope your help
YOUR STUDENT JUSTIN
|
|
From: Celso P. <cp...@yi...> - 2003-12-28 12:43:25
|
Hi, i'm trying to setup pam_mysql authentication for SSH, but everytime i try to login with a test user the log shows that the username being used is NOUSER instead of the username i typed. The table name is utilizadores, username column is nome. Here's the contents of /etc/pam.d/ssh: auth optional pam_mysql.so user=cyber passwd=teste host=localhost db=jcybercafe table=utilizadores usercolumn=nome passwdcolumn=password crypt=2 where=tempo>0 account required pam_mysql.so user=cyber passwd=teste host=localhost db=jcybercafe table=utilizadores usercolumn=nome passwdcolumn=password crypt=2 where=tempo>0 Here's the contents of auth.log: Dec 28 03:32:33 cpinto sshd[13692]: Illegal user xpto from 127.0.0.1 Dec 28 03:32:35 cpinto sshd[13692]: pam_sm_authenticate called. Dec 28 03:32:35 cpinto sshd[13692]: dbuser changed. Dec 28 03:32:35 cpinto sshd[13692]: dbpasswd changed. Dec 28 03:32:35 cpinto sshd[13692]: host changed. Dec 28 03:32:35 cpinto sshd[13692]: database changed. Dec 28 03:32:35 cpinto sshd[13692]: table changed. Dec 28 03:32:35 cpinto sshd[13692]: usercolumn changed. Dec 28 03:32:35 cpinto sshd[13692]: passwdcolumn changed. Dec 28 03:32:35 cpinto sshd[13692]: crypt changed. Dec 28 03:32:35 cpinto sshd[13692]: where changed. Dec 28 03:32:35 cpinto sshd[13692]: db_connect called. Dec 28 03:32:35 cpinto sshd[13692]: returning 0 . Dec 28 03:32:35 cpinto sshd[13692]: db_checkpasswd called. Dec 28 03:32:35 cpinto sshd[13692]: pam_mysql: where clause = tempo>0 Dec 28 03:32:35 cpinto sshd[13692]: SELECT password FROM utilizadores WHERE nome='NOUSER' AND (tempo>0) Dec 28 03:32:35 cpinto sshd[13692]: pam_mysql: select returned more than one result Dec 28 03:32:35 cpinto sshd[13692]: returning 7 after db_checkpasswd. Dec 28 03:32:35 cpinto sshd[13692]: Failed password for illegal user xpto from 127.0.0.1 port 36401 ssh2 The faulty line is SELECT password FROM utilizadores WHERE nome='NOUSER' AND (tempo>0). Has anyone had problems with this before? Cheers all, Celso |
|
From: Florian V. <flo...@un...> - 2003-12-15 09:16:23
|
Hi there, the problem is, that MySQL >= 4.0.x use longer hashes for the encrypted passwords. This problem occures in pym-mysql only if you use the MySQL-Scheme passwords (set in your pam.d/foo config file, in which you use pam-mysql). You can either: A) change in the pam-mysql source: PASSWORD() to OLD_PASSWORD() and recompile/reinstall the whole thing (pam-mysql) B) use the cvs devel branch named '*pam_mysql-0_5-fvg*'. Thus, use cvs checkout option ' -r *pam_mysql-0_5-fvg*'. I implemented MySQL 4.1.0-test1 support in that branch. <<sorry - short in time>> cu florian verdet . Tim Bithoney wrote: > Is there any reason Pam_MySQL will not work with MySQL client 4.0? I > constantly have to deinstall MySql 3.23 client, reinstall MySQL client > 4.0, upgrade PHP and then reinstall MySQL client 3.23, otherwise my > SMTP password authentication will not work. I am running a 4.0 MySQL > server. > > Can I get PAM_MYSQL to work with MySQL Client 4.0? Any ideas? > > Thanks, > Tim > |
|
From: Tim B. <ti...@ro...> - 2003-12-15 07:19:38
|
Is there any reason Pam_MySQL will not work with MySQL client 4.0? I constantly have to deinstall MySql 3.23 client, reinstall MySQL client 4.0, upgrade PHP and then reinstall MySQL client 3.23, otherwise my SMTP password authentication will not work. I am running a 4.0 MySQL server. Can I get PAM_MYSQL to work with MySQL Client 4.0? Any ideas? Thanks, Tim |
|
From: Bernhard K. <da...@gm...> - 2003-12-04 23:37:49
|
Hi pam-mysql-general! From http://www.mysql.com/documentation/mysql/bychapter/manual_MySQL_Database_Administration.html#Password_hashing ------------------------------------------------------------------- 4.3.12 Implications of Password Hashing Changes for Application Programs An upgrade to MySQL 4.1 can cause a compatibility issue for applications that use PASSWORD() to generate passwords for their own purposes. (Applications really should not do this, because PASSWORD() should be used only to manage passwords for MySQL accounts. But some applications use PASSWORD() for their own purposes anyway.) If you upgrade to 4.1 and run the server under conditions where it generates long password hashes, an application that uses PASSWORD() for its own passwords will break. The recommended course of action is to modify the application to use another function such as SHA1() or MD5() to produce hashed values. If that is not possible, you can use the OLD_PASSWORD() function, which is provided to generate short hashes in the old format. (But note that OLD_PASSWORD() may one day no longer be supported.) ------------------------------------------------------------------- So please advise your users (in the README) not to use the MySQL password() function. I'm going to use crypt for now, but I would appreciate a hash that supports passwords longer than 8 characters. AFAIK crypt uses DES which is considered insecure against brute force attacks due to the short 56 (IIRC) bit key length. That may not be an issue here, as the crypted passwords should not be available to attackers. Still I'd like to have md5 (which has a small hash collision vulnerability) or sha (which is of doubtful security as it was developed by the NSA) or anything better (but actually I prefer something built into MySQL as it eases the insertion of test data). Please CC replies to me. Thank you, Bernhard -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html |
|
From: Kees C. <ke...@os...> - 2003-12-04 15:12:10
|
Or give me CVS access (sf user: nemies). It's a bunch of PAM-interface bug fixes. -- Kees Cook Open Source Development Lab ke...@os... |
|
From: Apolonia Garg<bo...@ya...> - 2003-11-27 13:18:29
|
<html><body bgcolor=#FFFFFF text=#000000>$RANDOMIZE<p><font color=#FF0000><b>"We D0 What V1agra Can't"</b></font><font color=#ffffff>$RANDOMIZE</font><br> <font color=#000099>*GA1N UP T0 3" IN 1ENGTH 1N JUST WEEKS<font color=#ffffff>$RANDOMIZE</font><br> *BEC0ME TH1CKER AND FUL1ER<font color=#ffffff>$RANDOMIZE</font><br> *MULT1PLE, M0RE EXPL0SIVE 0RGASMS<font color=#ffffff>$RANDOMIZE</font><br> *END1ESS STAY1NG P0WER<font color=#ffffff>$RANDOMIZE</font><br> *SAY G00DBYE T0 PREMA1URE EJACULATI0N<p>p1ease visit 0ur web s1te <a href=http://www.witha11.com/as/>c1ick here</a></p><p><a href=http://www.witha11.com/f.html>Rem0ve mai1</a></p></body></html> |
|
From: Steve S. <sh...@us...> - 2003-11-24 18:09:56
|
pam_mysql,
Here is a patch that allows for slightly larger table names
used for authentication (eg - phpcollab_members is larger
than the previous 16 char max). In addition, it cleans up a
syslog() message when the SQL query returns no results (it
was saying that more than one result was found).
Let me know if this patch is accepted.
Thanks,
Steve Shreeve
November 24, 2003
==
diff -u -b -B -r1.16 pam_mysql.c
--- pam_mysql.c 15 Dec 2002 21:38:53 -0000 1.16
+++ pam_mysql.c 24 Nov 2003 08:35:21 -0000
@@ -60,9 +60,9 @@
char host[257];
char where[257];
char database[17];
- char dbuser[17];
+ char dbuser[65];
char dbpasswd[17];
- char table[17];
+ char table[33];
char usercolumn[17];
char passwdcolumn[17];
int crypt;
@@ -269,7 +269,7 @@
syslog(LOG_ERR, "database
changed.");
#endif
} else if (!strcasecmp ("user", mybuf)) {
- strncpy (options.dbuser, myval, 16);
+ strncpy (options.dbuser, myval, 64);
#ifdef DEBUG
syslog(LOG_ERR, "dbuser changed.");
#endif
@@ -279,7 +279,7 @@
syslog(LOG_ERR, "dbpasswd
changed.");
#endif
} else if (!strcasecmp ("table", mybuf)) {
- strncpy (options.table, myval, 16);
+ strncpy (options.table, myval, 32);
#ifdef DEBUG
syslog(LOG_ERR, "table changed.");
#endif
@@ -438,6 +438,7 @@
MYSQL_RES *result;
MYSQL_ROW row;
int retvalue = PAM_AUTH_ERR;
+ int num_rows;
int i;
#ifdef DEBUG
@@ -520,8 +521,9 @@
return PAM_AUTH_ERR;
}
- if (mysql_num_rows(result) != 1) {
- syslog(LOG_ERR, "%s", "pam_mysql: select
returned more than one result");
+ num_rows = mysql_num_rows(result);
+ if (num_rows != 1) {
+ syslog(LOG_ERR, "pam_mysql: select returned %
s", num_rows > 1 ? "more than one result" : "no results");
mysql_free_result(result);
return PAM_AUTH_ERR;
}
|
|
From: Ian C R. <ian...@ma...> - 2003-11-23 21:50:27
|
I have tried to compile pam_mysql and am still stuck. Please can someone offer some assistance??? How does one compile this for bsd, do I delete the Makefile and use Makefile.bsd? Has anyone compiled for OS X or Darwin so that they could show how the makefile was adjusted?? Thanks very much, Ian |
|
From: Ian C R. <ian...@ma...> - 2003-11-19 21:55:05
|
Please Please could anybody point in the right direction if they've compiled this module for os x.....I desperately need a way to authenticate against mysql. Thanks very much, Ian |
|
From: James O'K. <jo...@mi...> - 2003-11-11 13:22:18
|
---------- Forwarded message ---------- Date: Sat, 8 Nov 2003 15:54:35 +0100 From: Philipp Dunkel <ph...@du...> To: jo...@mi... Subject: pam_mysql 0.5 Dear James, I am currently using pam_mysql 0.5 on my webserving machine to do some minor single auth scheme. I have a bit of a more complex table setup, ie I have to select usernames and passwords from a join on 2 tables. Your version of pam_mysql is quite capable of this provided you loosen the length limits on a few configuration fields char table[17]; char usercolumn[17]; char passwdcolumn[17]; are the items that could be a bit short. Of course you are right in that these are generally limited by mysql in length, but what if you want to specify multiple items such as table= users,domains usercolumn=concat(users.name,'@',domains.name) passwordcolumn=users.password where=domains.id=users.domain This is wuite simple to do (and it works) if only the fields were long enough to hold the data. So I have attached a patch to enlargen these fields to 257 (256 + 1*NULL) and adjust the strncopy during parsing. This helped me immensly, and it might make pam_mysql more useful to others as well. Aside from this I thank you guys very much for untertaking this project, since it put me into the position to do some things that would have been previously impossible or at least very much harder. Greetings, Philipp |
|
From: Florian V. <flo...@un...> - 2003-11-11 08:27:57
|
Hi pammers,
two days ago and yesterday, I finally committed my work to the SourceForg=
e
cvs repository !=20
As told before, I created a new branch named 'pam_mysql-0_5-fvg'.
( use checkout -r pam_mysql-0_5-fvg pam_mysql )
Actually, the last tag is 'pam_mysql-0_5-fvg11_final'.
Perhaps, I made mistakes with setting the tags - on the ViewCVS (web)
interface, they show up under "non-branch tags", but their functionality
is given.
Let me know, if I did something wrong (I copied the backup tarball of the
repository before I made the changes).
Now you can check out the ("devel") branch and test and fix bugs etc.
Then, if there are no complaints, we could merge the branch to the MAIN
trunk in a few weeks.
What imperatively has to be made before releasing a new version, is to=20
hack-in the modifications, the debian maintainer did for the debian=20
(sub-) releases !
Sunday, I took part at the Debian bug-squashing party organized by GULL
at Lausanne, Switzerland and I saw, that the communication between the=20
deb maintainers back to the upstream developers is quite low !
I don't know about other dists, but we should check them out too.
Other work will be applying a few patches, that exist (would have to
be done by hand) - like the =09'stripping domain' patch.
So, give it a try !
Have fun !
PS:
I didn't test yet, if the sources on the branch are really working, but:
- I only tried to compile, and they do (I didn't test the functionality)
- I copied them from an other cvs repos, and those work
PS2:
As sait, some more doc is available at
http://users.linuxbourg.ch/fvgoto/informatica/tbsc/welcome.php
PS3:
If you're working on the SF-cvs, the changes appear only ~one day later
on the anonymous cvs server !
blers sal=FCds,
_________________
Florian Verdet
Bachelor of Science in Computer Science
=2E
|
|
From: Anders N. <an...@Fr...> - 2003-11-06 20:53:54
|
Hi, See http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/54733. Cheers, -- Anders. |
|
From: Florian V. <flo...@un...> - 2003-10-28 09:14:31
|
Hi all, I really hope, that I can find some time to commit my changes to SF cvs i= n=20 the next days... For this, I've a question: Is it useful/recommended/utile to create a branch for my thing ? Or should I commit it directly to MAIN trunk ? If branching, would it be correct, if I do the following ? : cvs co pam_mysql cvs tag -b rel-0-5-fvg cd /somewhere/else cvs co -r rel-0-5-fvg pam_mysql=20 ##or should I rather use 'cvs -r co -r rel-0-5-fvg pam_mysql' ? #loop #make changes cvs ci cvs tag rel-0-5-fvg1 #then 2, 3, etc. #end-loop #and then (after some time... ev. with your hacks): cd /somewhere/else cvs co pam_mysql cvs update -j rel-0-5-fvg cvs ci Thanks for help ! C-ja ! _________________ Florian Verdet =2E |
|
From: Sergey M. <se...@ci...> - 2003-10-18 21:19:39
|
Florian Verdet wrote: > |Now it's OK and works like 0.5. > > Yeah - It should be backward compatible - but with a lot more features... OK. I'll look at new features. > |I'll prepare a patch, test it on -STABLE and publish here within a few days. > | > what do you call "STABLE" ? 0.5 ?? > 0.5 is one C source file, you worked on 10 - this would give a funny patch :-) Sorry. I meant FreeBSD -STABLE branch. Now I've tested it on -CURRENT. -CURRENT has a OpenPAM but -STABLE has a LinuxPAM. So they are different this point. > free time next week seems to run short. > I'll try to do my pam_mysql work some evening... Good luck and tell us what will you do ;) -- Sem. |
|
From: Florian V. <flo...@un...> - 2003-10-18 20:31:42
|
________________________________________ \| Sergey Matveychuk <se...@ci...> ha scrit | in/als Sat, 18 Oct 2003 02:38:47 +0400 il seguaint: |Florian Verdet wrote: | |> That's all I can suggest for now... | |Thank you for so detail suggestion list! glad I could help you ! | |I sat and found all problems. Include some missed headers and add missed |macros. phuu ! I already thought it was something bad on my side... (We newer know if we test only on a small amount of systems) |Now it's OK and works like 0.5. Yeah - It should be backward compatible - but with a lot more features... | |I'll prepare a patch, test it on -STABLE and publish here within a few days. | what do you call "STABLE" ? 0.5 ?? 0.5 is one C source file, you worked on 10 - this would give a funny patch :-) free time next week seems to run short. I'll try to do my pam_mysql work some evening... cu... _________ Florian Verdet _goto GnuPG: fvg.zapto.org/informatica/gpg.php . |
|
From: Sergey M. <se...@ci...> - 2003-10-17 22:46:45
|
Florian Verdet wrote: > That's all I can suggest for now... Thank you for so detail suggestion list! I sat and found all problems. Include some missed headers and add missed macros. Now it's OK and works like 0.5. I'll prepare a patch, test it on -STABLE and publish here within a few days. -- Sem. |
|
From: Florian V. <flo...@un...> - 2003-10-17 16:28:59
|
________________________________________
\| Sergey Matveychuk <se...@ci...> ha scrit=20
| in/als Fri, 17 Oct 2003 00:04:13 +0400 il seguaint:
|Florian Verdet wrote:
|> |> If you want to do some work/support, download the work I've done
|> |> and test it - I'm missing feedback until now :-/
|> |
|> |OK, I'll do.
|
|Well, I did. I've cvs'ed your version, hack it a little for OpenPAM and=20
|build. And I've got a strange problem I haven't with 0.5 version.
|
|When I tried to login I got a message:
|login: in open_load_module(): no pam_mysql.so found
|kernel: pid NNN (login), uid 0: exited on signal 10 (core dumped)
|
|I have no idea why it happened. When I change pam_mysql.so with the same=
=20
|file from 5.0 version I login successful.
|
I've no idea what went wrong...
I'm using (Linux-)PAM as shipped with Mdk90 (I'll have 9.2 in a few days).
I've no experience(s) with OpenPAM... (this could change :o] )
(I also had a similar error, but it was because I used a (double) symbolic
link to reflect the actual devel lib - I got this error, if the link was ba=
d).
A) Check if you have really my version (I think yes, due to the cvs-connects
in the logfiles) - do you have ~10 C source files and some headers.
B)
i) If you exchanged the 'pam_mysql.so' in the same place,
check the permissions (we never know...)
ii) Looking at a sample OpenPAM module (shipped with its source) :
Did you add something like
---
#ifdef PAM_MODULE_ENTRY
PAM_MODULE_ENTRY("pam_mysql");
#endif
---
(or without #ifdef) to the end of 'pam_mysql.c' ??
iii) What size does your 'pam_mysql.so' have ?
(mine has 50'491 B (~50kB) - it gives a rough idea if everything=20
is linked in...)
iv) Do you use dynamic linking ?
Do you use static linking ?
(I tested with dynamic - The Makefile surely has errors for static one)
v) I think you know (/already hacked), that only Linux-PAM modules can
#include <security/pam_misc.h>
which in turn, includes <security/_pam_macros.h> (the 'D(())' debugging
function is defined there).
vi) Are there any 'not found's in the output of=20
$ ldd pam_mysql.so
C) You could try enabeling OpenPAM's debugging...
This would say you if it checks the (OpenPAM) modules-cache, if it checks=
=20
for a dynamic and then for a static module=20
(openpam-20030715/lib/openpam_load.c:66ff)
D) Oh, yes... did you try specifying the whole path (from root '/') ?
That's all I can suggest for now...
Until next time !
sal=FCds,
_________=20
Florian Verdet
GnuPG: fvg.zapto.org/informatica/gpg.php
.
|
|
From: Sergey M. <se...@ci...> - 2003-10-16 20:04:24
|
Florian Verdet wrote: > |> If you want to do some work/support, download the work I've done > |> and test it - I'm missing feedback until now :-/ > | > |OK, I'll do. Well, I did. I've cvs'ed your version, hack it a little for OpenPAM and build. And I've got a strange problem I haven't with 0.5 version. When I tried to login I got a message: login: in open_load_module(): no pam_mysql.so found kernel: pid NNN (login), uid 0: exited on signal 10 (core dumped) I have no idea why it happened. When I change pam_mysql.so with the same file from 5.0 version I login successful. -- Sem. |
|
From: Florian V. <flo...@un...> - 2003-10-16 18:37:10
|
________________________________________ \| Sergey Matveychuk <se...@ci...> ha scrit | in/als Wed, 15 Oct 2003 21:39:03 +0400 il seguaint: | |If you interesting my opinion, there are no reasons to start a new |project. We can improve pam_mysql itself. OK ! Thank you Sem and you, James ! I think this helps me now making the choice :-) | |> For you, Sem: |> If you want to do some work/support, download the work I've done |> and test it - I'm missing feedback until now :-/ | |OK, I'll do. | |> If you want to write code, I recommend you to wait until I've |> committed my "thing" to some official site (SourceForge) |> and then, we could discuss further hacks. | |It's just reason I asked. The world seems to look good today :o) I look forward to next week - I'll keep tuned ! cuAll, _________ Florian Verdet _goto GnuPG: fvg.zapto.org/informatica/gpg.php . |
|
From: Sergey M. <se...@ci...> - 2003-10-15 17:39:07
|
Florian Verdet wrote: > Projects state: > I can only say: "It works !" ;-) Works? I know that! :) I wrote a patch for OpenPAM support and use it on my FreeBSD 5.1 box. > I'll do it in November. The question that remains is, if I should > commit it to the existing pam_mysql source or start as a new project. If you interesting my opinion, there are no reasons to start a new project. We can improve pam_mysql itself. > For you, Sem: > If you want to do some work/support, download the work I've done > and test it - I'm missing feedback until now :-/ OK, I'll do. > If you want to write code, I recommend you to wait until I've > committed my "thing" to some official site (SourceForge) > and then, we could discuss further hacks. It's just reason I asked. ---- Sem. |
88 messages has been excluded from this view by a project administrator.
