non-crypt()ish MD5 hash is not supported in this build

Bug #1006005 reported by Mitch Claborn on 2012-05-29
68
This bug affects 13 people
Affects Status Importance Assigned to Milestone
pam-mysql (Debian)
New
Undecided
Unassigned
pam-mysql (Ubuntu)
Undecided
Unassigned

Bug Description

Trying to use MD5 hash with pam-mysql. Contents of log below. This worked in previous versions of Ubuntu.

May 29 11:31:28 localhost lightdm: pam_mysql - non-crypt()ish MD5 hash is not supported in this build.
May 29 11:31:28 localhost lightdm: pam_mysql - option verbose is set to "1"
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_close_db() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_sm_authenticate() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_open_db() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_open_db() returning 0.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_check_passwd() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_format_string() called
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_quick_escape() called.
May 29 11:31:28 localhost lightdm: pam_mysql - SELECT passwordhash FROM operator WHERE username = 'xxxx' AND (operator.enabled=1)
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_check_passwd() returning 6.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_sql_log() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_sql_log() returning 0.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_converse() called.

/etc/pam.d/lightdm

#%PAM-1.0
# 0=not encrypted, 1=crypt(3) function, 2=mysql password function, 3=md5
auth required pam_mysql.so verbose=0 user=xxxx passwd=xxxx db=xxxx host=mmdatabasehost table=operator usercolumn=username passwdcolumn=passwordhash crypt=3 where=operator.enabled=1 verbose=1
account required pam_mysql.so verbose=0 user=xxx passwd=xxxx db=xxx host=mmdatabasehost table=operator usercolumn=username passwdcolumn=passwordhash crypt=3 where=operator.enabled=1 verbose=1

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libpam-mysql 0.7~RC1-4build3
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic-pae 3.2.14
Uname: Linux 3.2.0-24-generic-pae i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Tue May 29 11:37:29 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423.2)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 SHELL=/bin/bash
SourcePackage: pam-mysql
UpgradeStatus: No upgrade log present (probably fresh install)

Mitch Claborn (mitch-news) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pam-mysql (Ubuntu):
status: New → Confirmed

The same also occurs with SHA1:

pam_mysql - non-crypt()ish SHA1 hash is not supported in this build.

Downloading the package source and using debuild without making any changes produces a package which does support SHA1.

Is this a build-depend issue?

Tom

fidian (fidian) wrote :

I'm not using SASL, but I'm also bitten by this bug. I've made a new package at my PPA that recompiles the source with OpenSSL support, which it looked like it was supposed to do anyway. You could try it out: https://launchpad.net/~team-mayhem/+archive/ppa

I wish I could help with figuring out why the original build didn't work out well. If any of my changes would be useful for the official Ubuntu/Debian package, you are welcome to take them.

Mitch Claborn (mitch-news) wrote :

Any progress toward a fix for this?

Lukas Wingerberg (h-k) wrote :

i have just stumbled accross the same issue on my debian wheezy box, same version of pam-mysql package on an x64 box
someone should really fix this please

Lukas Wingerberg (h-k) wrote :

the same actually happens with SHA1 aswell:

pam_mysql - non-crypt()ish SHA1 hash is not supported in this build.

Lukas Wingerberg (h-k) wrote :

also applying the debian patchset and recompiling the vanilla pam module from source fixes this error for debian aswell

Heiko Lechner (no-spam-to-me) wrote :

Nearly a year has gone and no official bug-fix?
I upgraded my server from 10.04 LTS to 12.04 LTS and now my vsftpd is useless, because I let vsftpd authenticate via pam-mysql with md5 hashed passwords in my mysql database.
I switched my server to ubuntu because I had enough from compiling source packages...

Mitch Claborn (mitch-news) wrote :

Yes, it would certainly be nice to get a fix for this.

roze84 (roze84) wrote :

Any news on this issue?

Mitch Claborn (mitch-news) wrote :

I suspect that no one who can do anything about it is following this bug. Fairly frustrating.

Lele Long (schemacs) wrote :

1, sudo apt-get install libmysqlclient-dev libpam-dev libssl-dev
2, ln -s /usr/include/openssl/md5.h /usr/include/md5.h
3, Makefile.in#109: DEFS = @DEFS@ -I. -I$(srcdir) -I. -DHAVE_OPENSSL
4, ./configure --prefix=/usr --with-openssl | grep md5

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373834

stesco (stefano-scotti) wrote :

Lele Long's solution works for me.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.