PAM Authentication
171 views
Skip to first unread message
Danillo Souza
Aug 28, 2012, 5:53:12 PM8/28/12
to percona-d...@googlegroups.com
Hi guys,
I'm trying to use Percona's PAM and apparently it have been installed correctly:
+-----------------------+----------+--------------------+-------------+---------+
| Name | Status | Type | Library
| License |
+-----------------------+----------+--------------------+-------------+---------+
....
| auth_pam | ACTIVE | AUTHENTICATION | auth_pam.so
| GPL |
+-----------------------+----------+--------------------+-------------+---------+
but when i try to log in using my Ubuntu credentials, I got the following error:
===================
mysql -udanillo -p123
ERROR 1045 (28000): Access denied for user 'danillo'@'localhost'
(using password: YES)
===================
The /var/log/auth.log puts the following:
===================
Aug 28 18:41:38 moip-kubuntu unix_chkpwd[13261]: check pass; user unknown
Aug 28 18:41:38 moip-kubuntu unix_chkpwd[13261]: password check failed
for user (danillo)
Aug 28 18:41:38 moip-kubuntu mysqld[12438]: pam_unix(mysqld:auth):
authentication failure; logname= uid=113 euid=113 tty= ruser=danillo
rhost=localhost user=danillo
===================
where uid 113 = mysql;
I've already edited my.cnf adding the plugin-dir under [client] tag
and created a user danillo like following:
===================
CREATE USER 'danillo'@'localhost' IDENTIFIED WITH auth_pam;
===================
The /etc/pam.d/mysqld is just like:
================== [I already tried to remove the 'includes']
@include common-auth
auth required pam_unix.so audit
account required pam_unix.so audit
@include common-account
@include common-session-noninteractive
==================
I'm using Ubuntu 12.04, MySQL 5.5.25 and PAM downloaded via brz
following the Percona's PAM's Documentation.
Any clue about it?
Thanks and sorry about my English,
Danillo Souza
I'm trying to use Percona's PAM and apparently it have been installed correctly:
+-----------------------+----------+--------------------+-------------+---------+
| Name | Status | Type | Library
| License |
+-----------------------+----------+--------------------+-------------+---------+
....
| auth_pam | ACTIVE | AUTHENTICATION | auth_pam.so
| GPL |
+-----------------------+----------+--------------------+-------------+---------+
but when i try to log in using my Ubuntu credentials, I got the following error:
===================
mysql -udanillo -p123
ERROR 1045 (28000): Access denied for user 'danillo'@'localhost'
(using password: YES)
===================
The /var/log/auth.log puts the following:
===================
Aug 28 18:41:38 moip-kubuntu unix_chkpwd[13261]: check pass; user unknown
Aug 28 18:41:38 moip-kubuntu unix_chkpwd[13261]: password check failed
for user (danillo)
Aug 28 18:41:38 moip-kubuntu mysqld[12438]: pam_unix(mysqld:auth):
authentication failure; logname= uid=113 euid=113 tty= ruser=danillo
rhost=localhost user=danillo
===================
where uid 113 = mysql;
I've already edited my.cnf adding the plugin-dir under [client] tag
and created a user danillo like following:
===================
CREATE USER 'danillo'@'localhost' IDENTIFIED WITH auth_pam;
===================
The /etc/pam.d/mysqld is just like:
================== [I already tried to remove the 'includes']
@include common-auth
auth required pam_unix.so audit
account required pam_unix.so audit
@include common-account
@include common-session-noninteractive
==================
I'm using Ubuntu 12.04, MySQL 5.5.25 and PAM downloaded via brz
following the Percona's PAM's Documentation.
Any clue about it?
Thanks and sorry about my English,
Danillo Souza
Laurynas Biveinis
Aug 28, 2012, 11:41:05 PM8/28/12
to percona-d...@googlegroups.com
Danillo -
On Wed, Aug 29, 2012 at 12:53 AM, Danillo Souza <danil...@gmail.com> wrote:
> The /var/log/auth.log puts the following:
> ===================
> Aug 28 18:41:38 moip-kubuntu unix_chkpwd[13261]: check pass; user unknown
> Aug 28 18:41:38 moip-kubuntu unix_chkpwd[13261]: password check failed
> for user (danillo)
> Aug 28 18:41:38 moip-kubuntu mysqld[12438]: pam_unix(mysqld:auth):
> authentication failure; logname= uid=113 euid=113 tty= ruser=danillo
> rhost=localhost user=danillo
> ===================
> where uid 113 = mysql;
Is the system user that is used for running mysqld process part of
shadow group? See
http://www.percona.com/doc/percona-pam-for-mysql/faq.html, section
"Can I use the PAM plugin to authenticate against /etc/shadow?"
--
Laurynas
www.percona.com
On Wed, Aug 29, 2012 at 12:53 AM, Danillo Souza <danil...@gmail.com> wrote:
> The /var/log/auth.log puts the following:
> ===================
> Aug 28 18:41:38 moip-kubuntu unix_chkpwd[13261]: check pass; user unknown
> Aug 28 18:41:38 moip-kubuntu unix_chkpwd[13261]: password check failed
> for user (danillo)
> Aug 28 18:41:38 moip-kubuntu mysqld[12438]: pam_unix(mysqld:auth):
> authentication failure; logname= uid=113 euid=113 tty= ruser=danillo
> rhost=localhost user=danillo
> ===================
> where uid 113 = mysql;
shadow group? See
http://www.percona.com/doc/percona-pam-for-mysql/faq.html, section
"Can I use the PAM plugin to authenticate against /etc/shadow?"
--
Laurynas
www.percona.com
Danillo Souza
Aug 30, 2012, 6:13:20 AM8/30/12
to percona-d...@googlegroups.com
That was the trick.
I've edited the /etc/group adding mysql and my system user (I don't
know why but only the mysql user was not working) under shadow group.
Thank you Laurynas..
Danillo Souza
2012/8/29 Laurynas Biveinis <laurynas...@percona.com>:
> --
> You received this message because you are subscribed to the Google Groups "Percona Discussion" group.
> To post to this group, send email to percona-d...@googlegroups.com.
> To unsubscribe from this group, send email to percona-discuss...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/percona-discussion?hl=en.
>
I've edited the /etc/group adding mysql and my system user (I don't
know why but only the mysql user was not working) under shadow group.
Thank you Laurynas..
Danillo Souza
2012/8/29 Laurynas Biveinis <laurynas...@percona.com>:
> You received this message because you are subscribed to the Google Groups "Percona Discussion" group.
> To post to this group, send email to percona-d...@googlegroups.com.
> To unsubscribe from this group, send email to percona-discuss...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/percona-discussion?hl=en.
>
Reply all
Reply to author
Forward
0 new messages