mysql-systemd fails with PAM auth and proxies
Bug #1558312 reported by
Nathan Stone
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | |||||
| 5.5 |
Fix Released
|
Undecided
|
Tomislav Plavcic | |||
| 5.6 |
Fix Released
|
Undecided
|
Tomislav Plavcic | |||
| 5.7 |
Invalid
|
Undecided
|
Tomislav Plavcic | |||
Bug Description
https:/
This changes causes mysql-systemd to fail on startup when using pam_auth_compat and proxy users because when UNKNOWN_MYSQL_USER doesn't match a local user, the pam plugin attempts to authenticate against the ''@'' user. pam_auth_compat requires the cleartext password plugin to be enabled, but the absence of environment variables and the "--no-defaults" option lead to a plugin error being returned instead of "access denied".
| tags: | added: pkg |
| Changed in percona-server: | |
| assignee: | nobody → Tomislav Plavcic (tplavcic) |
| tags: | added: pam |
Revision history for this message
| Nathan Stone (nastone) wrote | #1 |
Revision history for this message
| Tomislav Plavcic (tplavcic) wrote | #2 |
Revision history for this message
| Tomislav Plavcic (tplavcic) wrote | #3 |
Revision history for this message
| Shahriyar Rzayev (rzayev-sehriyar) wrote | #4 |
To post a comment you must log in.
I just discovered a work around. If you create a user ''@'localhost' using auth_pam or native authentication, it doesn't need to use the cleartext authentication plugin and returns "access denied" as the startup script expects.