Comments (7)
alexhass
commented on July 29, 2024
1
No. Not my bug. It worked on an older Debian server. Nothing has changed in the scripts.
from pam-mysql.
NigelCunningham
commented on July 29, 2024
Thanks for the report. pam_mysql_check_passwd() returning 6 is PAM_MYSQL_ERR_MISMATCH. Could the wrong crypt type be being used?
from pam-mysql.
mekahell
commented on July 29, 2024
Hi everyone :)
I've got the same issue on Debian 9 (Stretch) and 8 (Jessie).
After recompiling the module with more logs I've found something strange into the function pam_sm_authenticate (line 3729).
retval = pam_get_item(pamh, PAM_AUTHTOK, (PAM_GET_ITEM_CONST void **)&passwd); puts a null value into passwd when use_first_pass or try_first_pass options are enabled.
It seems that something has changed on libpam but I'm not able to found what exactly.
Sorry I'm not fluent in C :(
from pam-mysql.
maltris
commented on July 29, 2024
Apparently I am having the same issue on CentOS 8 (but for example not on Alpine 3.11).
pam_mysql - pam_mysql_check_passwd() returning 6.
pam_mysql - pam_sm_authenticate() returning 7.
Made twice and triple sure, that the hashes match. (Using crypt=1 and $6 crypt() hashes.)
I then tried crypt=0 and plaintext password in the db, just to be sure:
pam_mysql - SELECT password FROM users WHERE username = 'user2'
pam_mysql - pam_mysql_check_passwd() returning 6.
pam_mysql - pam_mysql_sql_log() called.
pam_mysql - pam_mysql_sql_log() returning 0.
pam_mysql - pam_sm_authenticate() returning 7.
No success.
pam packages:
pam.x86_64 1.3.1-4.el8 @System
pam-devel.x86_64 1.3.1-4.el8 @BaseOS
Edit:
Quickly tried the same on a clean CentOS 7 container, same problem:
May 16 09:45:02 235d7fc3f033 sshd[82]: pam_mysql - pam_mysql_check_passwd() returning 6.
May 16 09:45:02 235d7fc3f033 sshd[82]: pam_mysql - pam_mysql_sql_log() called.
May 16 09:45:02 235d7fc3f033 sshd[82]: pam_mysql - pam_mysql_sql_log() returning 0.
May 16 09:45:02 235d7fc3f033 sshd[82]: pam_mysql - pam_sm_authenticate() returning 7.
[root@235d7fc3f033 /]# yum list installed | grep pam
pam.x86_64 1.1.8-23.el7 @CentOS
pam-devel.x86_64 1.1.8-23.el7 @base
pam-MySQL is the latest version from this repository. Compilation and building the container image with docker is done like this:
FROM centos:7
RUN yum -y install openssh make nss-devel mariadb-devel automake \
libtool which diffutils file git openssh-server pam-devel \
&& git clone https://github.com/NigelCunningham/pam-MySQL.git \
&& cd pam-MySQL \
&& autoreconf -i \
&& ./configure \
&& make \
&& strip .libs/pam_mysql.so \
&& make install \
&& cd .. \
&& rm -rf pam-MySQL
EXPOSE 22
CMD ["sshd"]
from pam-mysql.
NigelCunningham
commented on July 29, 2024
We now have pre-releases of a new version using Meson and including some unit tests. Would you please retry with this version?
from pam-mysql.
m3t4tr0n
commented on July 29, 2024
I have encountered this problem .. for me it turns out there was a single space after a line in the pam-mysql.conf config file.
from pam-mysql.
NigelCunningham
commented on July 29, 2024
Hmm. Coud you provide an example, @m3t4tr0n?
from pam-mysql.
Related Issues (20)
- Time to roll v0.8.2? HOT 4
- crypt() - Invalid argument when crypted PW contains " HOT 1
- Feature: Don't try_first_pass when password undefined HOT 3
- Dont erro log, and dont login with pam-mysql HOT 3
- autoreconf -f -i exits with code 1 "error: possibly undefined macro" HOT 3
- pam_mysql_check_passwd() returning 6 HOT 28
- pam_sm_authenticate() returning 3. the return :( HOT 2
- compat_make_scrambled_password_323 error HOT 5
- Regression testing would be a good idea. HOT 5
- Email address as username. HOT 12
- I got "malloc(): invalid size (unsorted)" when using "crypt=1" HOT 2
- supressing log messages HOT 1
- install_dir is hard coded to '/lib/security' HOT 1
- Is PAM-MySQL friendly to MariaDB HOT 1
- pam-MySQL 1.0.0 built error for MySQL 8 HOT 8
- pam_MySQL is only querying the database if the username has a login account. HOT 1
- size read failed - SASLAUTHD with PAM_MYSQL Fedora 37
- Skip first pass in sasl-pam-mysql authentication HOT 1
- Centos 7: Unknown method "substring" for a string HOT 2
- Configurable Password Query HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pam-mysql.