Pam SVN and Apache help
Pavel Pragin
ppragin at SolutionSet.com
Tue Oct 30 15:56:30 UTC 2007
Hello,
I am having problems with PAM/Apache authentication.
I have no problems logging in to the svn server thought ssh and
authentication via the PAM server works. However when I use PAM to
authenticate through SVN I am getting DB errors in the logs. Looking at
the MySQL query logs I can see that the (Password) query that is being
issued to MySQL is incomplete. As far as I know all Apache and Pam
config files are correct. I decided to compare the mysql query logs on
the currently working server and the new not working server . This
comparison is in the end of the e-mail and this how I came to the
conclusion that the query is incomplete.
Auth log on SVN server (svntest):
Oct 29 03:46:08 svntest nss-mysql[9707]: _nss_mysql_getspnam_r conf file
parsing failed
Oct 29 03:46:08 svntest nss-mysql[9707]: (pam_unix) authentication
failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168. 6.43
user=ppragin
Oct 29 03:46:08 svntest nss-mysql[9707]: pam_mysql - MySQL error(You
have an error in your SQL syntax; check the manual that c
orresponds to your MySQL server version for the right syntax to use near
'FROM WHERE user.user_name = 'ppragin'' at line 1)
Apache log on SVN server(svntest):
[Mon Oct 29 03:17:49 2007] [error] [client 192.168.] (9)Bad file
descriptor: Could not open password file: (null)
[Mon Oct 29 03:17:52 2007] [error] [client 192.168.] PAM: user 'ppragin'
- not authenticated: Error in service module
Mysql query log from Pam server when running svn checkout from server
(svntest):
131 Connect nss at svntest <mailto:nss at svntest.solutionset.com> on
nss_mysql
131 Query select
user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.
gid from user where
user.user_name='ppragin' and user.uid is not null and user.status = 'A'
order by user.uid
132 Connect nss-shadow at svntest. on nss_mysql
132 Init DB nss_mysql
132 Query SELECT FROM WHERE user.user_name = 'ppragin'
132 Quit
Mysql query log from Pam server when running svn checkout from server
(newsvn):
753 Connect nss at newsvn. on nss_mysql
753 Query select
user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.
gid from user where user.user_name='ppragin'
and user.uid is not null and user.status = 'A' order by user.uid
753 Query select
user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.
gid from user where user.user_name='ppragin'
and user.uid is not null and user.status = 'A' order by user.uid
754 Connect nss-shadow at newsvn.
<mailto:nss-shadow at newsvn.solutionset.com> on nss_mysql
754 Init DB nss_mysql
754 Query SELECT user.Password FROM user WHERE
user.user_name='ppragin'
754 Quit
The difference:
(svntest server) 132 Query SELECT FROM WHERE
user.user_name = 'ppragin'
(newsvn server) 754 Query SELECT user.Password FROM user
WHERE user.user_name='ppragin'
I can understand why "user.Password" is missing. This is how the
password is acquired from table "user" field "Password".
This is why authentication is failing. One thing I don't understand is
where the information provided for this query comes from.
I don't see any mention of "user.Password" in any of the config files.
Maybe I am missing a step? Any ideas?
.
PAVEL PRAGIN
ppragin at solutionset.com <mailto:ejohansson at solutionset.com>
T > 650.328.3900
M > 650.521.4377
F > 650.328.3901
SolutionSet
The Brand Technology Company
http://www.SolutionSet.com <http://www.solutionset.com/>
PA > 131 Lytton Ave., Palo Alto, CA 94301
SF > 85 Second St., San Francisco, CA 94105
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20071030/0231d31e/attachment.htm>
More information about the Pam-list
mailing list