ALT Linux Community general discussions
 help / color / mirror / Atom feed
From: Pavlov Konstantin <thresh@cpms.ru>
To: sisyphus@lists.altlinux.org, community@lists.altlinux.org
Subject: [Comm] PAM, MySQL, sshd.
Date: Mon, 19 Dec 2005 21:34:47 +0300
Message-ID: <20051219213447.5c275bb1@snowflake.cryo.net.ru> (raw)

Привет всем.

Есть задача сделать возможной авторизацию на сервере пользователей,
данные о которых храняться в MySQL. 

Для этого использую:

pam-mysql-0.7-alt9.pre3 (обновленная версия из sisyphus),
nss-mysql-1.0-alt1 с http://savannah.nongnu.org/projects/nss-mysql/ (в
сизифе пока нет)

Пока смог достичь того, что пользователи могут логиниться локально
(с клавиатуры :), посредством "su - username" и по FTP (proftpd).

При логине по ssh выводит следующее:
---
 Dec 19 21:20:54 exchange sshd[29795]: Unknown username from
172.16.127.131 
...
Dec 19 21:20:54 exchange sshd[29795]: pam_mysql - SELECT password FROM
user WHERE user_name = 'ILLEGAL USER' 
Dec 19 21:20:54 exchange sshd[29795]: pam_mysql - SELECT returned no
result.
...
 Dec 19 21:20:55 exchange sshd[29795]: pam_tcb(sshd:auth):
Authentication failed for UNKNOWN USER from (uid=0) 
---

Собственно /etc/pam.d/sshd:
---
#%PAM-1.0
auth     required       pam_userpass.so

auth     sufficient     pam_mysql.so user=nssuser passwd=nsssqluser
db=nss table=user usercolumn=user_name passwdcolumn=password crypt=0
verbose=1 use_first_pass

auth     required       pam_tcb.so shadow fork prefix=$2a$ count=8
nullok nodelay blank_nolog use_first_pass auth required pam_nologin.so
account include        system-auth
password include        system-auth 
session include        system-auth
---

Подскажите, что не так?

-- 
Best regards,
 Pavlov Konstantin, CPMS Network
 http://network.cpms.ru/
 jid: thresh@altlinux.org


                 reply	other threads:[~2005-12-19 18:34 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20051219213447.5c275bb1@snowflake.cryo.net.ru \
    --to=thresh@cpms.ru \
    --cc=community@lists.altlinux.org \
    --cc=sisyphus@lists.altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

ALT Linux Community general discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
		mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
	public-inbox-index community

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.community


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git