Pam SVN and Apache help

Pavel Pragin ppragin at SolutionSet.com
Tue Oct 30 15:56:30 UTC 2007


Hello,

 

I am having problems with PAM/Apache authentication.

I have no problems logging in to the svn server thought ssh and
authentication via the PAM server works. However when I use PAM to
authenticate through SVN I am getting DB errors in the logs. Looking at
the MySQL query logs I can see that the (Password) query that is being
issued to MySQL is incomplete.   As far as I know all Apache and Pam
config files are correct. I decided to compare the mysql query logs on
the currently working server and the new not working server . This
comparison is in the end of the e-mail and this how I came to  the
conclusion that the query is incomplete.

 

 

Auth log on SVN server (svntest):

Oct 29 03:46:08 svntest nss-mysql[9707]: _nss_mysql_getspnam_r conf file
parsing failed

Oct 29 03:46:08 svntest nss-mysql[9707]: (pam_unix) authentication
failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168.    6.43
user=ppragin

Oct 29 03:46:08 svntest nss-mysql[9707]: pam_mysql - MySQL error(You
have an error in your SQL syntax; check the manual that c    

orresponds to your MySQL server version for the right syntax to use near
'FROM  WHERE user.user_name = 'ppragin'' at line 1)

 

 

Apache log on SVN server(svntest):

 [Mon Oct 29 03:17:49 2007] [error] [client 192.168.] (9)Bad file
descriptor: Could not open password file: (null)

[Mon Oct 29 03:17:52 2007] [error] [client 192.168.] PAM: user 'ppragin'
- not authenticated: Error in service module

 

 

Mysql  query log from Pam server when running svn checkout from server
(svntest):

131 Connect     nss at svntest <mailto:nss at svntest.solutionset.com>  on
nss_mysql

131 Query       select
user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.
gid from user where 

user.user_name='ppragin' and user.uid is not null and user.status = 'A'
order by user.uid

132 Connect     nss-shadow at svntest.  on nss_mysql

132 Init DB     nss_mysql

132 Query       SELECT  FROM  WHERE user.user_name = 'ppragin'

132 Quit

 

Mysql  query log from Pam server when running svn checkout from server
(newsvn):

753 Connect     nss at newsvn.  on nss_mysql

753 Query       select
user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.
gid from user where user.user_name='ppragin' 

and user.uid is not null and user.status = 'A' order by user.uid

753 Query       select
user.user_name,user.uid,NULL,user.realname,user.shell,user.homedir,user.
gid from user where user.user_name='ppragin' 

and user.uid is not null and user.status = 'A' order by user.uid

754 Connect     nss-shadow at newsvn.
<mailto:nss-shadow at newsvn.solutionset.com>   on nss_mysql

754 Init DB     nss_mysql

754 Query       SELECT user.Password FROM user WHERE
user.user_name='ppragin'

754 Quit

 

 

The difference: 

(svntest server)        132 Query       SELECT  FROM  WHERE
user.user_name = 'ppragin'

(newsvn server)       754 Query       SELECT user.Password FROM user
WHERE user.user_name='ppragin'

 

I can understand why "user.Password" is missing. This is how the
password is acquired from table "user" field "Password". 

This is why authentication is failing. One thing I don't understand is
where the information provided for this query comes from.

I don't see any mention of "user.Password" in any of the config files.
Maybe I am missing a step? Any ideas?

 

 

.

PAVEL PRAGIN 
ppragin at solutionset.com <mailto:ejohansson at solutionset.com>  

T >  650.328.3900
M > 650.521.4377 
F >  650.328.3901 

SolutionSet 
The Brand Technology Company 
http://www.SolutionSet.com <http://www.solutionset.com/>  

PA > 131 Lytton Ave., Palo Alto, CA 94301 
SF > 85 Second St., San Francisco, CA 94105 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20071030/0231d31e/attachment.htm>


More information about the Pam-list mailing list