nss-mysql-users

Re: [Nss-mysql-users] nss-mysql-root.conf


From: Nick De Decker
Subject: Re: [Nss-mysql-users] nss-mysql-root.conf
Date: Wed, 19 Jun 2002 20:47:36 +0200

Hi,

I tried it again but it doesn't work :(
I get the following in /var/log/messages:

Jun 19 22:32:54 etna sshd(pam_unix)[523]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=kaluga.i-vision.be  user=ndedecke
Jun 19 22:32:57 etna sshd[523]: Failed password for ndedecke from 192.168.1.50 port 3406

(same error as when I enter an invalid password for a user in /etc/passwd)

However, it does know about the user... when I try a user that isn't in
mysql-db or passwd I get this:

Jun 19 20:44:51 etna sshd[533]: Failed password for illegal user klsdlksdklsd from 192.168.1.50 port 3409
Jun 19 20:44:56 etna sshd[533]: fatal: Read from socket failed: Connection reset by peer

So it's just the password authentication that fails :(
My /etc/nss-mysql-root.conf contains the following:
address@hidden /etc/pam.d# cat /etc/nss-mysql-root.conf
conf.version = 2;
shadow.host = unix:/var/ivweb/mysql/mysql.sock;

shadow.database = nss_mysql;
shadow.db_user = nss-shadow;
shadow.db_password = testing;

shadow.table = user;
shadow.where_clause = user.status = 1;
shadow.userid_column = user.user_id;
shadow.user_column = user.user_name;
shadow.password_column = user.password;
shadow.lastchange_column = user.lastchange;
shadow.min_column = user.min;
shadow.max_column = user.max;
shadow.warn_column = user.warn;
shadow.inact_column = user.inact;
shadow.expire_column = user.expire;

I can log in to the nss_mysql db with user nss-shadow from localhost and pass
"testing".
There I can select columns: status, user_id, user_name, password, lastchange,
min, max, warn, inact, expire.

So I guess this must be OK, right?

Any tips :)

Nick

----- Original Message -----
From: "Jason Clifford" <address@hidden>
To: "Nick De Decker" <address@hidden>
Sent: Wednesday, June 19, 2002 6:37 PM
Subject: Re: [Nss-mysql-users] nss-mysql-root.conf


> On Wed, 19 Jun 2002, Nick De Decker wrote:
>
> > So you can authenticate using the standard pam_unix module ?
> > Never worked here :(
> > I just added the mysql entries to nsswitch.conf ... after that I could
> > successfully look up users with the "id" program, although authentication
> > with sshd didn't work.
> > I'll give it another shot ... but could you maybe paste your pam ssh
> > configuration as an example?
>
> I'm doing this on a Red Hat Linux box and I've not altered the ssh
> configuration at all from the default which is to use their system-auth
> configuration :
>
> auth        required      /lib/security/pam_env.so
> auth        sufficient    /lib/security/pam_unix.so likeauth nullok
> auth        required      /lib/security/pam_deny.so
>
> account     required      /lib/security/pam_unix.so
>
> password    required      /lib/security/pam_cracklib.so retry=3 type=
> password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password    required      /lib/security/pam_deny.so
>
> session     required      /lib/security/pam_limits.so
> session     required      /lib/security/pam_unix.so
>
> As you can see it's absolutely standard.
>
> I did have an initial problem that turned out to be file permissions on
> homedir parent directories as I'm using group permissions to prevent users
> being able to see each other's files, etc. in the event that they break out
> of chroot - I don't expect them to but depth never hurts.
>
> Jason Clifford
>
>
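
An added example, not part of the original messages: a small Python classifier for the two kinds of sshd failure lines quoted above, separating names sshd did not recognise from accounts whose password was rejected. The function name `classify` and the stage labels are assumptions made for illustration; the sample log is constructed from the lines in the message with the mail wrapping undone.

```python
import re

# Constructed sample: the sshd lines quoted in the message, with mail wrapping undone.
SAMPLE_LOG = """\
Jun 19 22:32:54 etna sshd(pam_unix)[523]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=kaluga.i-vision.be  user=ndedecke
Jun 19 22:32:57 etna sshd[523]: Failed password for ndedecke from 192.168.1.50 port 3406
Jun 19 20:44:51 etna sshd[533]: Failed password for illegal user klsdlksdklsd from 192.168.1.50 port 3409
Jun 19 20:44:56 etna sshd[533]: fatal: Read from socket failed: Connection reset by peer
"""

# "illegal user" is the wording in the message; newer OpenSSH logs "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<unknown>(?:illegal|invalid) user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")
PAM_FAIL = re.compile(
    r"sshd\(pam_unix\)\[\d+\]: authentication failure;.*\buser=(?P<user>\S+)")


def classify(log_text):
    """Map each user to the stage at which its failed login stopped."""
    stages = {}
    for line in log_text.splitlines():
        m = PAM_FAIL.search(line)
        if m:
            # pam_unix reported the authentication failure for this account.
            stages[m.group("user")] = "password-rejected-by-pam_unix"
            continue
        m = FAILED.search(line)
        if not m:
            continue  # e.g. the "fatal: Read from socket failed" line
        if m.group("unknown"):
            # sshd did not treat the name as a valid account.
            stages[m.group("user")] = "unknown-account"
        else:
            # Account was recognised; keep a more specific pam_unix verdict if present.
            stages.setdefault(m.group("user"), "password-rejected")
    return stages


if __name__ == "__main__":
    for user, stage in classify(SAMPLE_LOG).items():
        print(f"{user}: {stage}")
```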



