[Nss-mysql-users] Problem with libnss-mysql

[Nick De Decker]

Hi,

I'm having troubles with libnss-mysql, well actually i dont know if i need
any addiotional modules or not for logging in.

I compiled libnss-mysql-035 with :


./configure --sysconfdir=/etc --disable-static --enable-shadow --enable-grou
p --enable-debug
  make
  make install

Then i configured /etc/nss-mysql.conf end nss-mysql-root.conf.

I granted select privileges to the nss and nss-shadow user for the nss_mysql
db.
I just used sample.sql to generate the contents of the nss_mysql db.
then i altered the user table and added columns such as min, max, warn, ...
as named in nss-mysql-root.conf file.

changed /etc/nsswitch.conf :
passwd:     files mysql
shadow:     files mysql
group:      files mysql

After this i tested with the tools finger and id and it worked :

address@hidden ~# id linus
uid=1002(linus) gid=3(sys) groups=3(sys)
address@hidden ~# finger linus
Login: linus                            Name: Linus Torvalds
Directory: /home/linus                  Shell: /bin/bash
Never logged in.
No mail.
No Plan.
address@hidden ~#

it dumps a lot of messages in /var/log/messages, but all seems good.

So far so good, but now i want to log in using ssh, su, ftp, ... but it
doesnt work.
When i login using ssh /var/log/messages gives me :

Mar 27 16:54:59 beluga nss-mysql[10036]: getpwnam called for linus
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_read_conf_file: called for
section users
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_read_conf_file ended for
section users
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_db_connect: connection with
host=localhost,user=nss,passwd=pixell,database
=nss_mysql,port=3306
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_passwd_fill_struct called for
user linus
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_sqlprintf(): buffersize=1024,
len=177
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_passwd_fill_struct: SQL
statement: select user.user_name,user.uid,user.pas
sword,user.realname,user.shell,user.homedir,user.gid from user where
user.user_name='linus' and user.uid is not null and
user.status = 'A'
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_passwd_fill_struct: username
== linus
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_passwd_fill_struct: password
== $1$pp$FiHzni87Pc3CeOaG24jZV/
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_passwd_fill_struct: uid ==
1002
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_passwd_fill_struct: gid == 3
Mar 27 16:54:59 beluga sshd[10036]: _nss_mysql_passwd_fill_struct finished
sucessfully
Mar 27 16:55:00 beluga PAM_pwdb[10036]: check pass; user unknown
Mar 27 16:55:00 beluga sshd[10036]: Failed password for linus from
192.168.1.15 port 3366

also when using the "passwd" program i get :

Retype new UNIX password:
passwd: User not known to the underlying authentication module


Mar 27 16:56:56 beluga passwd[10047]: _nss_mysql_passwd_fill_struct:
username == linus
Mar 27 16:56:56 beluga passwd[10047]: _nss_mysql_passwd_fill_struct:
password == $1$pp$FiHzni87Pc3CeOaG24jZV/
Mar 27 16:56:56 beluga passwd[10047]: _nss_mysql_passwd_fill_struct: uid ==
1002
Mar 27 16:56:56 beluga passwd[10047]: _nss_mysql_passwd_fill_struct: gid ==
3
Mar 27 16:56:56 beluga passwd[10047]: _nss_mysql_passwd_fill_struct finished
sucessfully
Mar 27 16:57:00 beluga PAM_pwdb[10047]: cannot identify user linus (uid=0)


i'm using pam.
here is the content of my sshd pam config :

address@hidden /etc/pam.d# cat sshd
#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow nodelay
auth       required     /lib/security/pam_nologin.so

account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_limits.so
address@hidden /etc/pam.d#


So i guess i must change something in here... but i dont have a clue what to
do next.
Do i need a special pam module ?

I also tested it with shadow support disabled but the problem was the same.

Regards,
Nick De Decker