Sample pam config listed in http://www.percona.com/doc/percona-pam-for-mysql/manual.html#configuring-pam-for-mysql makes authentication prompt twice
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
percona-pam-for-mysql | New | Undecided | Unassigned |
Bug Description
If I use this config for /etc/pam.d/mysqld
auth required pam_unix.so
account required pam_unix.so
auth required pam_warn.so
auth required pam_unix.so audit
account required pam_unix.so audit
On mysql client:
mysql -u pam1 -ppam1pass
Password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.5.28-29.3 Percona Server (GPL), Release rel29.3, Revision 388
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> quit
On python client:
python dbconnect.py
Password:
On Java:
java SampleJDBC
test
com.mysql.
The last packet successfully received from the server was 12,664 milliseconds ago. The last packet sent successfully to the server was 12,664 milliseconds ago.
Removing/commenting the first two lines makes PAM plugin authentication behave well:
#auth required pam_unix.so
#account required pam_unix.so
Sample connect scripts:
MySQL console:
mysql -u pam1 -ppam1pass
Python:
import MySQLdb
db = MySQLdb.
Java:
import java.sql.*;
public class SampleJDBC {
public static void main(String[] args) {
System.
System.
System.
System.
System.
try {
Class.
Connection con = DriverManager.
Statement statement = con.createState
ResultSet rs = statement.
for (int i = 1; i<= rs.getMetaData(
}
}
catch (Exception e) {
System.
}
}
}
The config is meant to be just
auth required pam_warn.so
auth required pam_unix.so audit
account required pam_unix.so audit
as per the docs, which is why it mentions it as 'you can expand it to be'.
So, yes, using it again in the end will lead to duplication in the PAM stack.
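A check for the duplication discussed in this thread, as an added example that is not part of the bug report or of Percona's documentation: it parses a PAM service file and reports every module that is stacked more than once under the same type. The function names and the embedded sample (the five-line stack from the bug description) are assumptions made for illustration.

```python
import os
import re
from collections import defaultdict

# Constructed sample: the five-line /etc/pam.d/mysqld stack from the bug description.
SAMPLE = """\
auth required pam_unix.so
account required pam_unix.so
auth required pam_warn.so
auth required pam_unix.so audit
account required pam_unix.so audit
"""

# Rule layout: type, control (a keyword or "[value=action ...]"), module, arguments.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
TYPES = {"auth", "account", "password", "session"}


def parse_stack(text):
    """Return (lineno, type, control, module, args) for every rule in a service file."""
    rules, pending, start = [], "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = lineno  # first physical line of this rule
        line = pending + raw
        if line.endswith("\\"):  # backslash continues the rule on the next line
            pending = line[:-1] + " "
            continue
        pending = ""
        match = RULE.match(line.split("#", 1)[0].strip())  # drop comments
        if match and match.group(1) in TYPES:
            mtype, control, module, args = match.groups()
            # Compare by file name so /lib/security/pam_unix.so equals pam_unix.so.
            rules.append((start, mtype, control, os.path.basename(module), args.split()))
    return rules


def find_duplicates(rules):
    """Map (type, module) to its rules when that module is stacked more than once."""
    seen = defaultdict(list)
    for lineno, mtype, control, module, args in rules:
        seen[(mtype, module)].append((lineno, control, args))
    return {key: hits for key, hits in seen.items() if len(hits) > 1}


if __name__ == "__main__":
    for (mtype, module), hits in find_duplicates(parse_stack(SAMPLE)).items():
        lines = ", ".join(str(lineno) for lineno, _, _ in hits)
        print(f"{mtype} {module} is stacked {len(hits)} times (lines {lines})")
```

Some stacks repeat a module on purpose with different arguments, so the output is a list of lines to review rather than a list of errors.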