Pam-mysql
P.
webwiz at pl.net
Wed Mar 5 23:35:50 UTC 2008
After nearly three days sweating on this I'm now stuck. Read out.
I want apache to authenticate access solely via mysql. The new
mod-authn-dbd is reputed to be buggy, and the old mod-auth-apache2-mysql
is absent in debian etch. So it appears I'm going with pam.
Oddly, access works when it matches a /etc/passwd user, which I don't want!
Everything else fails to login, and presents a new login prompt, except
where a mysql entry matches, in which case the PAM log (mysql) says:
entry user pid host ts
AUTHENTICATION SUCCESS test 6193 (unknown) 2008-02-28 10:14:24
yet the browser gets:
401 Authorization Required
This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password),
or your browser doesn't understand how to supply the credentials required.
and var/log/apache/error.log gets
PAM: user 'ee' - invalid account: User not known to the underlying authentication module
and /var/log/auth.log gets
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - SELECT solarbus.spacepersons.password FROM solarbus.spacepersons WHERE solarbus.spacepersons.username = 'ee'
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_sql_log() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_format_string() called
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_quick_escape() called.
Feb 28 11:16:21 solarbus1 last message repeated 8 times
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - INSERT INTO pamlog (entry, user, host, pid, ts) VALUES ('AUTHENTICATION SUCCESS', 'ee', '(unknown)', '6193', NOW())
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_sql_log() returning 0.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_check_passwd() returning 0.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_sm_authenticate() returning 0.
Feb 28 11:16:21 solarbus1 apache2: (pam_unix) could not identify user (from getpwnam(ee))
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_release_ctx() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_destroy_ctx() called.
Feb 28 11:16:21 solarbus1 apache2: pam_mysql - pam_mysql_close_db() called.
Looks like pam_mysql is OKing it but pam_unix is being authoritative. Don't
know enough about pam to know why.
Any clues appreciated.
Peter
Here's my /etc/pam.d/apache2
auth require pam_mysql.so verbose=1 user=peter passwd=xxxxx host=127.0.0.1 db=solarbus table=solarbus.spacepersons usercolumn=solarbus.spacepersons.username passwdcolumn=solarbus.spacepersons.password crypt=0 sqllog=true logtable=pamlog logmsgcolumn=entry logusercolumn=user logpidcolumn=pid loghostcolumn=host logtimecolumn=ts
and /var/www/.htaccess
AuthPAM_Enabled on
AuthPAM_FallThrough off
AuthType Basic
AuthName "Intranet"
AuthUserFile /dev/null
AuthBasicAuthoritative Off
require valid-user
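
An added example, not part of the original post: a small Python check for the situation the logs above show, where pam_sm_authenticate() returns 0 and a pam_unix lookup then fails. It lists the PAM management groups a service file leaves without rules (Linux-PAM uses the `other` service for those) and flags control keywords it does not recognise. The sample file is constructed from the post's configuration, and the function names are this example's own.

```python
import re

PAM_TYPES = ("auth", "account", "password", "session")
CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}

# Constructed sample modelled on the /etc/pam.d/apache2 quoted in the post.
SAMPLE_SERVICE = """\
# /etc/pam.d/apache2
auth require pam_mysql.so verbose=1 user=peter passwd=xxxxx host=127.0.0.1 \\
    db=solarbus table=solarbus.spacepersons crypt=0 sqllog=true
"""

def parse_service(text):
    """Return (type, control, module) per rule; joins backslash-continued lines.

    Debian '@include' lines and 'include' targets are not followed here."""
    text = re.sub(r"\\\n", " ", text)
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m:
            rules.append((m.group(1).lower(), m.group(2), m.group(3)))
    return rules

def audit(text):
    """List management groups with no rule and controls that are not recognised."""
    rules = parse_service(text)
    findings = []
    for pam_type in PAM_TYPES:
        if not any(r[0] == pam_type for r in rules):
            findings.append(f"{pam_type}: no rule in this file, 'other' service stack applies")
    for pam_type, control, module in rules:
        # Bracketed [value=action ...] controls are accepted without inspection.
        if not control.startswith("[") and control.lower() not in CONTROLS:
            findings.append(f"{pam_type} {module}: unrecognised control '{control}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICE):
        print(finding)
```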