#12 Allows more flexible queries

open-remind
None
1
2008-08-28
2002-02-26
Russell
No

This patched version of pam-mysql (based on version
0.47) allows arbitary queries to be used into which the
username and passwords are substitued.

For example, one of my pam.d files is as follows:
auth required pam_mysql.so user=passwd_query
passwd=password db=my_db [query=select user_name from
internet_service where user_name='%u' and
password=MD5('%p') and service='web_proxy']
account required pam_mysql.so user=passwd_query
passwd=password db=my_db [query="select user_name from
internet_service where user_name='%u' and
password=MD5('%p') and service='web_proxy']

Surprisingly, a lot of cruft pertaining to the password
hashing algorithims is removed by implementing this
method of generating the query.

Discussion

  • Russell

    Russell - 2002-02-26

    replacement pam_mysql.c file that implements flexible queries

     
    Attachments
  • Moriyoshi Koizumi

    Logged In: YES
    user_id=995831

    Will be supported in 0.7.

     
  • Moriyoshi Koizumi

    • assigned_to: nobody --> moriyoshi
    • status: open --> open-remind
     
  • (C)0||3N

    (C)0||3N - 2008-08-28
    • status: open-remind --> pending-remind
     
  • (C)0||3N

    (C)0||3N - 2008-08-28
    • priority: 5 --> 1
    • status: pending-remind --> open-remind
     
  • Russell

    Russell - 2008-08-28

    Logged In: YES
    user_id=447183
    Originator: YES

    Note that sending the password in plain text to the database might be a bad idea if, for example, query logging is enabled. It would be good if it is still possible to hash the password prior to preparing the query so that the query doesn't need to contain the password in plain text.

     
  • Milos Jakubicek

    Milos Jakubicek - 2008-09-20

    This would be a great feature, I'm looking forward to see it in pam_mysql. In many cases you cannot change how passwords are stored in the DB (multiple hashes and salts, e.g. in MediaWiki).

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks