[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: pam not working on centos?

It doesn't look like the Openssl libraries were used during the initial
configure command. If you are working with an RPM you may need to do a
little research on how to get the pam_mysql rpm module to use the
openssl libraries.

The error you originally reported:
badlogin: localhost.localdomain [127.0.0.1] PLAIN [SASL(-16):
>>  > encryption needed to use mechanism: security flags do not match
>>  > required]
>>  >
>>  > badlogin:host1 [127.0.0.1] plaintext cyrus@fbla1host1 SASL(-13):
>>  > authentication failure: checkpass failed
>>  >
>>  > Feb  1 17:29:11 frontend-A1 mupdate[2048]: No worthy mechs found

Is attempting to use the OpenSSL libraries in ensure that when the
pam_mysql module communicates with the server it is sending the data
through an encrypted stream.

Because I am not 100% familiar with the pam_mysql module you may need to
either 1: setup a shared x509 security certificate on the server so the
clients can use to send through the encrypted stream. 2: recompile the
pam_mysql module with the optional openssl libraries.

I would suggest at this point to do some more research on the module
itself in case you are missing something.

rupert wrote:
> On Fri, Feb 1, 2008 at 6:47 PM, Jason Gerfen <jason.gerfen@xxxxxxxxxxxx> wrote:
>> Ensure your openssl libraries are being linked against with the
>>  pam_mysql module or configure it to not use SSL. A good way to test is
>>  to run the 'ldd' command on the pam_mysql module and even the 'nm'
>>  command to ensure the proper functions are used and were built during
>>  compile.
>>
> is this ok?
> 
> ldd /lib/security/pam_mysql.so
>         libmysqlclient.so.15 => /usr/lib64/mysql/libmysqlclient.so.15
> (0x00002aaaaacc0000)
>         libz.so.1 => /usr/lib64/libz.so.1 (0x00002aaaab030000)
>         libnsl.so.1 => /lib64/libnsl.so.1 (0x00002aaaab244000)
>         libm.so.6 => /lib64/libm.so.6 (0x00002aaaab45d000)
>         libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaab6e0000)
>         libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaab929000)
>         libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002aaaabc72000)
>         libc.so.6 => /lib64/libc.so.6 (0x00002aaaabea6000)
>         libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
> (0x00002aaaac1f6000)
>         libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaac425000)
>         libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaac6b7000)
>         libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaac8b9000)
>         libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaacadf000)
>         /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
>         libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
> (0x00002aaaacce3000)
>         libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaaceeb000)
>         libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaad0ee000)
>         libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaad303000)
>         libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaad51c000)
> 
> nm /lib/security/pam_mysql.so
> 0000000000209078 a _DYNAMIC
> 0000000000209290 a _GLOBAL_OFFSET_TABLE_
>                  w _Jv_RegisterClasses
> 0000000000209008 d __CTOR_END__
> 0000000000209000 d __CTOR_LIST__
> 0000000000209018 d __DTOR_END__
> 0000000000209010 d __DTOR_LIST__
> 0000000000008c80 r __FRAME_END__
> 0000000000209020 d __JCR_END__
> 0000000000209020 d __JCR_LIST__
> 0000000000209af0 A __bss_start
>                  w __cxa_finalize@@GLIBC_2.2.5
> 0000000000006e00 t __do_global_ctors_aux
> 0000000000001f20 t __do_global_dtors_aux
> 0000000000209070 d __dso_handle
>                  U __errno_location@@GLIBC_2.2.5
>                  w __gmon_start__
>                  U __stack_chk_fail@@GLIBC_2.4
>                  U __strtol_internal@@GLIBC_2.2.5
>                  U __syslog_chk@@GLIBC_2.4
> 0000000000209af0 A _edata
> 0000000000209b00 A _end
> 0000000000006e38 T _fini
> 0000000000001bc8 T _init
> 0000000000001f00 t call_gmon_start
>                  U calloc@@GLIBC_2.2.5
>                  U close@@GLIBC_2.2.5
> 0000000000209af8 b completed.6140
>                  U crypt@@GLIBC_2.2.5
> 0000000000209af0 b dtor_idx.6142
> 0000000000001fa0 t frame_dummy
>                  U free@@GLIBC_2.2.5
>                  U freeaddrinfo@@GLIBC_2.2.5
>                  U getaddrinfo@@GLIBC_2.2.5
>                  U geteuid@@GLIBC_2.2.5
>                  U gethostname@@GLIBC_2.2.5
>                  U getpid@@GLIBC_2.2.5
>                  U getuid@@GLIBC_2.2.5
> 0000000000007540 r hint.8265
>                  U inet_ntop@@GLIBC_2.2.5
>                  U make_scrambled_password@@libmysqlclient_15
>                  U make_scrambled_password_323@@libmysqlclient_15
>                  U memchr@@GLIBC_2.2.5
>                  U memcpy@@GLIBC_2.2.5
> 0000000000002bb0 t memcspn
>                  U memset@@GLIBC_2.2.5
> 0000000000001fd0 t memspn
>                  U mysql_close@@libmysqlclient_15
>                  U mysql_error@@libmysqlclient_15
>                  U mysql_fetch_row@@libmysqlclient_15
>                  U mysql_free_result@@libmysqlclient_15
>                  U mysql_init@@libmysqlclient_15
>                  U mysql_num_rows@@libmysqlclient_15
>                  U mysql_real_connect@@libmysqlclient_15
>                  U mysql_real_escape_string@@libmysqlclient_15
>                  U mysql_real_query@@libmysqlclient_15
>                  U mysql_select_db@@libmysqlclient_15
>                  U mysql_store_result@@libmysqlclient_15
>                  U open64@@GLIBC_2.2.5
> 0000000000209740 d options
>                  U pam_get_data
>                  U pam_get_item
>                  U pam_get_user
> 0000000000209ae0 d pam_mysql_boolean_opt_accr
> 0000000000002100 t pam_mysql_boolean_opt_getter
> 00000000000025f0 t pam_mysql_boolean_opt_setter
> 0000000000004ea0 t pam_mysql_check_passwd
> 0000000000003ec0 t pam_mysql_cleanup_hdlr
> 0000000000003ae0 t pam_mysql_close_db
> 0000000000209040 d pam_mysql_config_token_name
> 0000000000003f00 t pam_mysql_converse
> 0000000000209ad0 d pam_mysql_crypt_opt_accr
> 0000000000002130 t pam_mysql_crypt_opt_getter
> 0000000000002480 t pam_mysql_crypt_opt_setter
> 0000000000003b30 t pam_mysql_destroy_ctx
> 0000000000002290 t pam_mysql_entry_handler_destroy
> 0000000000209440 d pam_mysql_entry_handler_options
> 00000000000042b0 T pam_mysql_find_option
> 0000000000004400 t pam_mysql_format_string
> 0000000000004300 T pam_mysql_get_option
> 0000000000006cb0 t pam_mysql_handle_entry
> 00000000000037a0 t pam_mysql_open_db
> 0000000000005330 t pam_mysql_parse_args
> 0000000000004c20 t pam_mysql_query_user_stat
> 0000000000003a10 t pam_mysql_quick_escape
> 0000000000002ec0 t pam_mysql_read_config_file
> 0000000000003cd0 t pam_mysql_retrieve_ctx
> 0000000000005240 T pam_mysql_set_option
> 0000000000004820 t pam_mysql_sql_log
> 0000000000002ae0 t pam_mysql_str_append
> 0000000000002b50 t pam_mysql_str_append_char
> 0000000000002b70 t pam_mysql_str_destroy
> 00000000000021c0 t pam_mysql_str_init
> 0000000000002960 t pam_mysql_str_reserve
> 00000000000021e0 t pam_mysql_str_truncate
> 0000000000002ea0 t pam_mysql_stream_close
> 0000000000002850 t pam_mysql_stream_getc
> 0000000000002c20 t pam_mysql_stream_read_cspn
> 00000000000026f0 t pam_mysql_stream_skip_spn
> 0000000000002210 t pam_mysql_stream_ungetc
> 0000000000209ac0 d pam_mysql_string_opt_accr
> 00000000000020f0 t pam_mysql_string_opt_getter
> 0000000000002420 t pam_mysql_string_opt_setter
>                  U pam_set_data
>                  U pam_set_item
> 0000000000006530 T pam_sm_acct_mgmt
> 0000000000006790 T pam_sm_authenticate
> 0000000000005830 T pam_sm_chauthtok
> 0000000000005480 T pam_sm_close_session
> 0000000000005660 T pam_sm_open_session
> 00000000000022a0 T pam_sm_setcred
>                  U pam_strerror
>                  U read@@GLIBC_2.2.5
>                  U realloc@@GLIBC_2.2.5
> 0000000000007580 r saltstr.8671
>                  U strcasecmp@@GLIBC_2.2.5
>                  U strchr@@GLIBC_2.2.5
>                  U strcmp@@GLIBC_2.2.5
>                  U strerror@@GLIBC_2.2.5
>                  U strlen@@GLIBC_2.2.5
> 0000000000002380 t strnncpy
> 00000000000022b0 t xcalloc
> 0000000000002400 t xfree
> 00000000000023d0 t xfree_overwrite
> 0000000000002670 t xrealloc
> 0000000000002320 t xstrdup
> 
> 
>>
>>  rupert wrote:
>>  > Hello,
>>  > i installed a complete cyrus murder setup in a VMware machine and now
>>  > im transferring my configuration to a real 64Bit machine, i donwloaded
>>  > pam_mysql and compiled it,
>>  > when I try to login with cyradmin or imtest i always get some errors
>>  > and there isnt even a query executed in mysql.
>>  > How can i fix this?
>>  >
>>  >
>>  > badlogin: localhost.localdomain [127.0.0.1] PLAIN [SASL(-16):
>>  > encryption needed to use mechanism: security flags do not match
>>  > required]
>>  >
>>  > badlogin:host1 [127.0.0.1] plaintext cyrus@fbla1host1 SASL(-13):
>>  > authentication failure: checkpass failed
>>  >
>>  > Feb  1 17:29:11 frontend-A1 mupdate[2048]: No worthy mechs found
>>  >
>>  >
>>  > thx a lot
>>  >
>>  > _______________________________________________
>>  > Pam-list mailing list
>>  > Pam-list@xxxxxxxxxx
>>  > https://www.redhat.com/mailman/listinfo/pam-list
>>
>>
>>  --
>>  Jason Gerfen
>>
>>  "I practice my religion
>>   while stepping on your
>>   toes..."
>>  ~The Ditty Bops
>>
>>  _______________________________________________
>>  Pam-list mailing list
>>  Pam-list@xxxxxxxxxx
>>  https://www.redhat.com/mailman/listinfo/pam-list
>>
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list


-- 
Jason Gerfen

"I practice my religion
 while stepping on your
 toes..."
~The Ditty Bops

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux