pam not working on centos?
Jason Gerfen
jason.gerfen at scl.utah.edu
Mon Feb 4 12:33:06 UTC 2008
It doesn't look like the Openssl libraries were used during the initial
configure command. If you are working with an RPM you may need to do a
little research on how to get the pam_mysql rpm module to use the
openssl libraries.
The error you originally reported:
badlogin: localhost.localdomain [127.0.0.1] PLAIN [SASL(-16):
>> > encryption needed to use mechanism: security flags do not match
>> > required]
>> >
>> > badlogin:host1 [127.0.0.1] plaintext cyrus at fbla1host1 SASL(-13):
>> > authentication failure: checkpass failed
>> >
>> > Feb 1 17:29:11 frontend-A1 mupdate[2048]: No worthy mechs found
Is attempting to use the OpenSSL libraries in ensure that when the
pam_mysql module communicates with the server it is sending the data
through an encrypted stream.
Because I am not 100% familiar with the pam_mysql module you may need to
either 1: setup a shared x509 security certificate on the server so the
clients can use to send through the encrypted stream. 2: recompile the
pam_mysql module with the optional openssl libraries.
I would suggest at this point to do some more research on the module
itself in case you are missing something.
rupert wrote:
> On Fri, Feb 1, 2008 at 6:47 PM, Jason Gerfen <jason.gerfen at scl.utah.edu> wrote:
>> Ensure your openssl libraries are being linked against with the
>> pam_mysql module or configure it to not use SSL. A good way to test is
>> to run the 'ldd' command on the pam_mysql module and even the 'nm'
>> command to ensure the proper functions are used and were built during
>> compile.
>>
> is this ok?
>
> ldd /lib/security/pam_mysql.so
> libmysqlclient.so.15 => /usr/lib64/mysql/libmysqlclient.so.15
> (0x00002aaaaacc0000)
> libz.so.1 => /usr/lib64/libz.so.1 (0x00002aaaab030000)
> libnsl.so.1 => /lib64/libnsl.so.1 (0x00002aaaab244000)
> libm.so.6 => /lib64/libm.so.6 (0x00002aaaab45d000)
> libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaab6e0000)
> libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaab929000)
> libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002aaaabc72000)
> libc.so.6 => /lib64/libc.so.6 (0x00002aaaabea6000)
> libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
> (0x00002aaaac1f6000)
> libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaac425000)
> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaac6b7000)
> libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaac8b9000)
> libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaacadf000)
> /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
> libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
> (0x00002aaaacce3000)
> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaaceeb000)
> libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaad0ee000)
> libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaad303000)
> libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaad51c000)
>
> nm /lib/security/pam_mysql.so
> 0000000000209078 a _DYNAMIC
> 0000000000209290 a _GLOBAL_OFFSET_TABLE_
> w _Jv_RegisterClasses
> 0000000000209008 d __CTOR_END__
> 0000000000209000 d __CTOR_LIST__
> 0000000000209018 d __DTOR_END__
> 0000000000209010 d __DTOR_LIST__
> 0000000000008c80 r __FRAME_END__
> 0000000000209020 d __JCR_END__
> 0000000000209020 d __JCR_LIST__
> 0000000000209af0 A __bss_start
> w __cxa_finalize@@GLIBC_2.2.5
> 0000000000006e00 t __do_global_ctors_aux
> 0000000000001f20 t __do_global_dtors_aux
> 0000000000209070 d __dso_handle
> U __errno_location@@GLIBC_2.2.5
> w __gmon_start__
> U __stack_chk_fail@@GLIBC_2.4
> U __strtol_internal@@GLIBC_2.2.5
> U __syslog_chk@@GLIBC_2.4
> 0000000000209af0 A _edata
> 0000000000209b00 A _end
> 0000000000006e38 T _fini
> 0000000000001bc8 T _init
> 0000000000001f00 t call_gmon_start
> U calloc@@GLIBC_2.2.5
> U close@@GLIBC_2.2.5
> 0000000000209af8 b completed.6140
> U crypt@@GLIBC_2.2.5
> 0000000000209af0 b dtor_idx.6142
> 0000000000001fa0 t frame_dummy
> U free@@GLIBC_2.2.5
> U freeaddrinfo@@GLIBC_2.2.5
> U getaddrinfo@@GLIBC_2.2.5
> U geteuid@@GLIBC_2.2.5
> U gethostname@@GLIBC_2.2.5
> U getpid@@GLIBC_2.2.5
> U getuid@@GLIBC_2.2.5
> 0000000000007540 r hint.8265
> U inet_ntop@@GLIBC_2.2.5
> U make_scrambled_password@@libmysqlclient_15
> U make_scrambled_password_323@@libmysqlclient_15
> U memchr@@GLIBC_2.2.5
> U memcpy@@GLIBC_2.2.5
> 0000000000002bb0 t memcspn
> U memset@@GLIBC_2.2.5
> 0000000000001fd0 t memspn
> U mysql_close@@libmysqlclient_15
> U mysql_error@@libmysqlclient_15
> U mysql_fetch_row@@libmysqlclient_15
> U mysql_free_result@@libmysqlclient_15
> U mysql_init@@libmysqlclient_15
> U mysql_num_rows@@libmysqlclient_15
> U mysql_real_connect@@libmysqlclient_15
> U mysql_real_escape_string@@libmysqlclient_15
> U mysql_real_query@@libmysqlclient_15
> U mysql_select_db@@libmysqlclient_15
> U mysql_store_result@@libmysqlclient_15
> U open64@@GLIBC_2.2.5
> 0000000000209740 d options
> U pam_get_data
> U pam_get_item
> U pam_get_user
> 0000000000209ae0 d pam_mysql_boolean_opt_accr
> 0000000000002100 t pam_mysql_boolean_opt_getter
> 00000000000025f0 t pam_mysql_boolean_opt_setter
> 0000000000004ea0 t pam_mysql_check_passwd
> 0000000000003ec0 t pam_mysql_cleanup_hdlr
> 0000000000003ae0 t pam_mysql_close_db
> 0000000000209040 d pam_mysql_config_token_name
> 0000000000003f00 t pam_mysql_converse
> 0000000000209ad0 d pam_mysql_crypt_opt_accr
> 0000000000002130 t pam_mysql_crypt_opt_getter
> 0000000000002480 t pam_mysql_crypt_opt_setter
> 0000000000003b30 t pam_mysql_destroy_ctx
> 0000000000002290 t pam_mysql_entry_handler_destroy
> 0000000000209440 d pam_mysql_entry_handler_options
> 00000000000042b0 T pam_mysql_find_option
> 0000000000004400 t pam_mysql_format_string
> 0000000000004300 T pam_mysql_get_option
> 0000000000006cb0 t pam_mysql_handle_entry
> 00000000000037a0 t pam_mysql_open_db
> 0000000000005330 t pam_mysql_parse_args
> 0000000000004c20 t pam_mysql_query_user_stat
> 0000000000003a10 t pam_mysql_quick_escape
> 0000000000002ec0 t pam_mysql_read_config_file
> 0000000000003cd0 t pam_mysql_retrieve_ctx
> 0000000000005240 T pam_mysql_set_option
> 0000000000004820 t pam_mysql_sql_log
> 0000000000002ae0 t pam_mysql_str_append
> 0000000000002b50 t pam_mysql_str_append_char
> 0000000000002b70 t pam_mysql_str_destroy
> 00000000000021c0 t pam_mysql_str_init
> 0000000000002960 t pam_mysql_str_reserve
> 00000000000021e0 t pam_mysql_str_truncate
> 0000000000002ea0 t pam_mysql_stream_close
> 0000000000002850 t pam_mysql_stream_getc
> 0000000000002c20 t pam_mysql_stream_read_cspn
> 00000000000026f0 t pam_mysql_stream_skip_spn
> 0000000000002210 t pam_mysql_stream_ungetc
> 0000000000209ac0 d pam_mysql_string_opt_accr
> 00000000000020f0 t pam_mysql_string_opt_getter
> 0000000000002420 t pam_mysql_string_opt_setter
> U pam_set_data
> U pam_set_item
> 0000000000006530 T pam_sm_acct_mgmt
> 0000000000006790 T pam_sm_authenticate
> 0000000000005830 T pam_sm_chauthtok
> 0000000000005480 T pam_sm_close_session
> 0000000000005660 T pam_sm_open_session
> 00000000000022a0 T pam_sm_setcred
> U pam_strerror
> U read@@GLIBC_2.2.5
> U realloc@@GLIBC_2.2.5
> 0000000000007580 r saltstr.8671
> U strcasecmp@@GLIBC_2.2.5
> U strchr@@GLIBC_2.2.5
> U strcmp@@GLIBC_2.2.5
> U strerror@@GLIBC_2.2.5
> U strlen@@GLIBC_2.2.5
> 0000000000002380 t strnncpy
> 00000000000022b0 t xcalloc
> 0000000000002400 t xfree
> 00000000000023d0 t xfree_overwrite
> 0000000000002670 t xrealloc
> 0000000000002320 t xstrdup
>
>
>>
>> rupert wrote:
>> > Hello,
>> > i installed a complete cyrus murder setup in a VMware machine and now
>> > im transferring my configuration to a real 64Bit machine, i donwloaded
>> > pam_mysql and compiled it,
>> > when I try to login with cyradmin or imtest i always get some errors
>> > and there isnt even a query executed in mysql.
>> > How can i fix this?
>> >
>> >
>> > badlogin: localhost.localdomain [127.0.0.1] PLAIN [SASL(-16):
>> > encryption needed to use mechanism: security flags do not match
>> > required]
>> >
>> > badlogin:host1 [127.0.0.1] plaintext cyrus at fbla1host1 SASL(-13):
>> > authentication failure: checkpass failed
>> >
>> > Feb 1 17:29:11 frontend-A1 mupdate[2048]: No worthy mechs found
>> >
>> >
>> > thx a lot
>> >
>> > _______________________________________________
>> > Pam-list mailing list
>> > Pam-list at redhat.com
>> > https://www.redhat.com/mailman/listinfo/pam-list
>>
>>
>> --
>> Jason Gerfen
>>
>> "I practice my religion
>> while stepping on your
>> toes..."
>> ~The Ditty Bops
>>
>> _______________________________________________
>> Pam-list mailing list
>> Pam-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/pam-list
>>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
--
Jason Gerfen
"I practice my religion
while stepping on your
toes..."
~The Ditty Bops
More information about the Pam-list
mailing list