mysql-systemd fails with PAM auth and proxies
Bug #1558312 reported by
Nathan Stone
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | |||||
5.5 |
Fix Released
|
Undecided
|
Tomislav Plavcic | |||
5.6 |
Fix Released
|
Undecided
|
Tomislav Plavcic | |||
5.7 |
Invalid
|
Undecided
|
Tomislav Plavcic |
Bug Description
https:/
This changes causes mysql-systemd to fail on startup when using pam_auth_compat and proxy users because when UNKNOWN_MYSQL_USER doesn't match a local user, the pam plugin attempts to authenticate against the ''@'' user. pam_auth_compat requires the cleartext password plugin to be enabled, but the absence of environment variables and the "--no-defaults" option lead to a plugin error being returned instead of "access denied".
tags: | added: pkg |
Changed in percona-server: | |
assignee: | nobody → Tomislav Plavcic (tplavcic) |
tags: | added: pam |
To post a comment you must log in.
I just discovered a work around. If you create a user ''@'localhost' using auth_pam or native authentication, it doesn't need to use the cleartext authentication plugin and returns "access denied" as the startup script expects.