From: Terry <td...@gm...> - 2005-06-23 17:00:15

Hello,

I am stumped. I have done this in the past without any problems. I want to authenticate users to a mysql database as well as the local passwd database. If one fails, try the other, either one will allow them to be authenticated. I am testing this with both sshd and vsftpd. pam-mysql-0.6.0 works great standalone. Just when I throw in other auth requirements, it behaves weird. Here are some facts:

Whitebox 4
pam-0.77-65.1

contents of /etc/pam.d/vsftpd:
auth required pam_nologin.so
auth sufficient pam_stack.so service=system-auth
auth sufficient pam_mysql.so user=user passwd=foobar db=db table=tableusercolumn=username passwdcolumn=password crypt=md5
account sufficient pam_stack.so service=system-auth
account sufficient pam_mysql.so user=user passwd=foobar db=db table=tableusercolumn=username passwdcolumn=password crypt=md5
session sufficient pam_stack.so service=system-auth

contents of /etc/pam.d/system-auth:
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so

account required /lib/security/$ISA/pam_unix.so

password required /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
password required /lib/security/$ISA/pam_deny.so

session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

On the client side of things, I get a strange error output to the screen with this configuration:
220 (vsFTPd 2.0.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (216.58.238.244:jomama): jomama
331 Please specify the password.
Password:
*** glibc detected *** double free or corruption (fasttop): 0x2aacc170 ***
Login failed.

What's my issue?

From: Terry <td...@gm...> - 2005-06-23 21:39:54

Ok, I figured it out. I hope anyways. It appears as if the pam-mysql modules have to appear before the other modules:

auth required pam_nologin.so
auth sufficient pam_mysql.so user=asdf passwd=asdf db=asdf table=mos_users usercolumn=username passwdcolumn=password crypt=md5
auth sufficient pam_stack.so service=system-auth
account sufficient pam_mysql.so user=asdf passwd=asdf db=asdf table=mos_users usercolumn=username passwdcolumn=password crypt=md5
account sufficient pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

I have never had to do this in the past, like with LDAP. Unless I just got it right the 1st time....bug?

On 6/23/05, Terry <td...@gm...> wrote:
>
> Hello,
>
> I am stumped. I have done this in the past without any problems. I want to
> authenticate users to a mysql database as well as the local passwd database.
> If one fails, try the other, either one will allow them to be authenticated.
> I am testing this with both sshd and vsftpd. pam-mysql-0.6.0 works great
> standalone. Just when I throw in other auth requirements, it behaves weird.
> Here are some facts:
>
> Whitebox 4
> pam-0.77-65.1
>
> contents of /etc/pam.d/vsftpd:
> auth required pam_nologin.so
> auth sufficient pam_stack.so service=system-auth
> auth sufficient pam_mysql.so user=user passwd=foobar db=db table=tableusercolumn=username passwdcolumn=password crypt=md5
> account sufficient pam_stack.so service=system-auth
> account sufficient pam_mysql.so user=user passwd=foobar db=db table=tableusercolumn=username passwdcolumn=password crypt=md5
> session sufficient pam_stack.so service=system-auth
>
> contents of /etc/pam.d/system-auth:
> auth required /lib/security/$ISA/pam_env.so
> auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
> auth required /lib/security/$ISA/pam_deny.so
>
> account required /lib/security/$ISA/pam_unix.so
>
> password required /lib/security/$ISA/pam_cracklib.so retry=3
> password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
> password required /lib/security/$ISA/pam_deny.so
>
> session required /lib/security/$ISA/pam_limits.so
> session required /lib/security/$ISA/pam_unix.so
>
> On the client side of things, I get a strange error output to the screen
> with this configuration:
> 220 (vsFTPd 2.0.1)
> 530 Please login with USER and PASS.
> 530 Please login with USER and PASS.
> KERBEROS_V4 rejected as an authentication type
> Name (216.58.238.244:jomama): jomama
> 331 Please specify the password.
> Password:
> *** glibc detected *** double free or corruption (fasttop): 0x2aacc170 ***
> Login failed.
>
> What's my issue?
>

From: Moriyoshi K. <mor...@at...> - 2005-06-23 22:12:24

On 2005/06/24, at 6:39, Terry wrote:

> Ok, I figured it out. I hope anyways. It appears as if the pam-mysql
> modules have to appear before the other modules:
>
> auth required pam_nologin.so
> auth sufficient pam_mysql.so user=asdf passwd=asdf db=asdf table=mos_users usercolumn=username passwdcolumn=password crypt=md5

Because the condition is "sufficient"; check out the documentation.
That's not a bug.

http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-4.html

Moriyoshi
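
The control flags discussed in this thread, as an added Python model that is not part of the original messages or of Linux-PAM: it evaluates the auth lines of the posted and reordered vsftpd stacks under the documented required/requisite/sufficient/optional rules only, and does not model module bugs such as the glibc abort. The HARDENED stack, the outcome() helper and the per-module results are assumptions made for illustration.

```python
# Added example: simplified model of Linux-PAM control-flag evaluation.
SUCCESS, FAIL, IGNORE = "success", "fail", "ignore"

def run_stack(stack, results):
    """Evaluate (control, module) pairs; results maps module name -> return value.
    A list in the module position models pam_stack.so pulling in another service."""
    impression, status = None, FAIL              # no module has voted yet
    for control, module in stack:
        ret = run_stack(module, results) if isinstance(module, list) else results[module]
        if ret == IGNORE:
            continue
        if ret == SUCCESS:
            if impression is None:
                impression, status = "positive", SUCCESS
            if control == "sufficient" and impression == "positive":
                break                            # success, no earlier required failure
        elif control in ("required", "requisite"):
            impression, status = "negative", FAIL
            if control == "requisite":
                break
        # a failing "sufficient" or "optional" module is ignored
    return status

# auth lines of /etc/pam.d/system-auth as posted
SYSTEM_AUTH = [("required", "pam_env"), ("sufficient", "pam_unix"),
               ("required", "pam_deny")]
# auth lines of /etc/pam.d/vsftpd: first post, then the reordered follow-up
POSTED = [("required", "pam_nologin"), ("sufficient", SYSTEM_AUTH),
          ("sufficient", "pam_mysql")]
REORDERED = [("required", "pam_nologin"), ("sufficient", "pam_mysql"),
             ("sufficient", SYSTEM_AUTH)]
# Assumption (not in the thread): same stack closed with a required pam_deny.so
HARDENED = REORDERED + [("required", "pam_deny")]

def outcome(stack, unix_ok, mysql_ok, nologin=SUCCESS):
    """Result for a user who passes/fails each backend (constructed inputs)."""
    results = {"pam_env": SUCCESS, "pam_deny": FAIL, "pam_nologin": nologin,
               "pam_unix": SUCCESS if unix_ok else FAIL,
               "pam_mysql": SUCCESS if mysql_ok else FAIL}
    return run_stack(stack, results)

if __name__ == "__main__":
    for name, stack in (("posted", POSTED), ("reordered", REORDERED),
                        ("hardened", HARDENED)):
        for unix_ok, mysql_ok in ((True, False), (False, True), (False, False)):
            print(name, unix_ok, mysql_ok, outcome(stack, unix_ok, mysql_ok))
```

In this model both orderings accept the same users. When both backends fail, the result is whatever pam_nologin.so returned, which is why stacks built from sufficient modules are commonly closed with a required pam_deny.so.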