SCIENTIFIC-LINUX-USERS Archives

September 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Steven Haigh <[log in to unmask]>
Reply To: Steven Haigh <[log in to unmask]>
Date: Wed, 18 Sep 2013 13:11:02 +1000
Content-Type: multipart/signed
Parts/Attachments: text/plain (2923 bytes), signature.asc (851 bytes)

Hi all,

I've been butting my head against this one for a while - so I figured
it's time to get help... ;)

I'm trying to use pam_mysql to authenticate FTP users via PAM.

I've edited the /etc/pam.d/vsftpd to contain:
auth required pam_mysql.so config_file=/etc/vsftpd/vsftpd-mysql.conf crypt=1 verbose=1
account required pam_mysql.so config_file=/etc/vsftpd/vsftpd-mysql.conf crypt=1 verbose=1

The passwords are stored in a MySQL database as ssha512 format. This
means they look something like:
{SHA512-CRYPT}$6$qLv.........

When I try to use this account, I see the following in /var/log/messages:
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_sm_authenticate() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_open_db() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_open_db() returning 0.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_check_passwd() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_format_string() called
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_quick_escape() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - SELECT password FROM users WHERE CONCAT(username, "@", domain) = [log in to unmask]
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_check_passwd() returning 6.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_sql_log() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_sql_log() returning 0.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_converse() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_open_db() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_check_passwd() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_format_string() called
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_quick_escape() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - SELECT password FROM users WHERE CONCAT(username, "@", domain) = [log in to unmask]
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_check_passwd() returning 6.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_sql_log() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_sql_log() returning 0.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_sm_authenticate() returning 7.
Sep 18 13:03:45 www vsftpd[11368]: pam_mysql - pam_mysql_release_ctx() called.
Sep 18 13:03:45 www vsftpd[11368]: pam_mysql - pam_mysql_destroy_ctx() called.
Sep 18 13:03:45 www vsftpd[11368]: pam_mysql - pam_mysql_close_db() called.

I can't find any real info on what pam_mysql_check_passwd() returning 6
means - but I assume it's a password check failure.

My only thought is that somehow the password format supplied by the
database (which works on dovecot) is different than expected by PAM...

Does anyone have any thoughts on this?

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299
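
A way to test the format hypothesis raised in the message above, as an added example that is not part of the original post: this Python helper splits a stored value into a leading {SCHEME} tag and the crypt(3) string, and reports whether the value could be handed to crypt(3) unchanged. The function name, lookup tables and sample value are assumptions made for illustration; whether the tag is what makes pam_mysql_check_passwd() fail here is not confirmed by the page.

```python
import re

# crypt(3) modular format: $id$[rounds=N$]salt$hash
CRYPT_RE = re.compile(
    r"^\$(?P<id>[0-9a-z]+)\$(?:rounds=(?P<rounds>\d+)\$)?"
    r"(?P<salt>[./0-9A-Za-z]{0,16})\$(?P<hash>[./0-9A-Za-z]+)$"
)
# Leading {SCHEME} tag as seen in the message ("{SHA512-CRYPT}$6$...")
PREFIX_RE = re.compile(r"^\{(?P<scheme>[A-Za-z0-9.-]+)\}")
# Encoded digest length per crypt(3) id, for the ids handled here
HASH_LEN = {"1": 22, "5": 43, "6": 86}
# Scheme tag -> crypt(3) id it should wrap (only tags this example knows)
SCHEME_ID = {"SHA512-CRYPT": "6", "SHA256-CRYPT": "5", "MD5-CRYPT": "1"}


def inspect_stored(value):
    """Describe a stored password value without ever hashing a password."""
    value = value.strip()
    m = PREFIX_RE.match(value)
    scheme = m.group("scheme").upper() if m else None
    body = value[m.end():] if m else value
    c = CRYPT_RE.match(body)
    problems = []
    if c is None:
        problems.append("not in $id$salt$hash form")
    else:
        want = HASH_LEN.get(c.group("id"))
        got = len(c.group("hash"))
        if want is None:
            problems.append("unknown crypt id")
        elif got != want:
            problems.append("hash length %d, expected %d" % (got, want))
        if scheme and SCHEME_ID.get(scheme) not in (None, c.group("id")):
            problems.append("scheme tag disagrees with crypt id")
    return {
        "scheme": scheme,
        "crypt_string": body if c else None,
        # usable as-is only when there is no tag and the string parses cleanly
        "crypt_ready": m is None and c is not None and not problems,
        "problems": problems,
    }


# Constructed sample: placeholder salt and digest, not a real hash.
SAMPLE = "{SHA512-CRYPT}$6$" + "saltsaltsaltsalt" + "$" + "A" * 86

if __name__ == "__main__":
    print(inspect_stored(SAMPLE))                          # tagged value
    print(inspect_stored(SAMPLE[len("{SHA512-CRYPT}"):]))  # tag removed
```

Run it against the value returned by the SELECT shown in the log; a result with a scheme set and crypt_ready False means the column holds more than the bare $6$ string.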


