Ubuntu

non-crypt()ish MD5 hash is not supported in this build

Reported by Mitch Claborn on 2012-05-29
64
This bug affects 12 people
Affects Status Importance Assigned to Milestone
pam-mysql (Debian)
New
Undecided
Unassigned
pam-mysql (Ubuntu)
Undecided
Unassigned

Bug Description

Trying to use MD5 hash with pam-mysql. Contents of log below. This worked in previous versions of Ubuntu.

May 29 11:31:28 localhost lightdm: pam_mysql - non-crypt()ish MD5 hash is not supported in this build.
May 29 11:31:28 localhost lightdm: pam_mysql - option verbose is set to "1"
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_close_db() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_sm_authenticate() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_open_db() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_open_db() returning 0.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_check_passwd() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_format_string() called
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_quick_escape() called.
May 29 11:31:28 localhost lightdm: pam_mysql - SELECT passwordhash FROM operator WHERE username = 'xxxx' AND (operator.enabled=1)
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_check_passwd() returning 6.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_sql_log() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_sql_log() returning 0.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_converse() called.

/etc/pam.d/lightdm

#%PAM-1.0
# 0=not encrypted, 1=crypt(3) function, 2=mysql password function, 3=md5
auth required pam_mysql.so verbose=0 user=xxxx passwd=xxxx db=xxxx host=mmdatabasehost table=operator usercolumn=username passwdcolumn=passwordhash crypt=3 where=operator.enabled=1 verbose=1
account required pam_mysql.so verbose=0 user=xxx passwd=xxxx db=xxx host=mmdatabasehost table=operator usercolumn=username passwdcolumn=passwordhash crypt=3 where=operator.enabled=1 verbose=1

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libpam-mysql 0.7~RC1-4build3
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic-pae 3.2.14
Uname: Linux 3.2.0-24-generic-pae i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Tue May 29 11:37:29 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423.2)
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 SHELL=/bin/bash
SourcePackage: pam-mysql
UpgradeStatus: No upgrade log present (probably fresh install)

Mitch Claborn (mitch-news) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pam-mysql (Ubuntu):
status: New → Confirmed

The same also occurs with SHA1:

pam_mysql - non-crypt()ish SHA1 hash is not supported in this build.

Downloading the package source and using debuild without making any changes produces a package which does support SHA1.

Is this a build-depend issue?

Tom

fidian (fidian) wrote :

I'm not using SASL, but I'm also bitten by this bug. I've made a new package at my PPA that recompiles the source with OpenSSL support, which it looked like it was supposed to do anyway. You could try it out: https://launchpad.net/~team-mayhem/+archive/ppa

I wish I could help with figuring out why the original build didn't work out well. If any of my changes would be useful for the official Ubuntu/Debian package, you are welcome to take them.

Mitch Claborn (mitch-news) wrote :

Any progress toward a fix for this?

Lukas Wingerberg (h-k) wrote :

i have just stumbled accross the same issue on my debian wheezy box, same version of pam-mysql package on an x64 box
someone should really fix this please

Lukas Wingerberg (h-k) wrote :

the same actually happens with SHA1 aswell:

pam_mysql - non-crypt()ish SHA1 hash is not supported in this build.

Lukas Wingerberg (h-k) wrote :

also applying the debian patchset and recompiling the vanilla pam module from source fixes this error for debian aswell

Heiko Lechner (no-spam-to-me) wrote :

Nearly a year has gone and no official bug-fix?
I upgraded my server from 10.04 LTS to 12.04 LTS and now my vsftpd is useless, because I let vsftpd authenticate via pam-mysql with md5 hashed passwords in my mysql database.
I switched my server to ubuntu because I had enough from compiling source packages...

Mitch Claborn (mitch-news) wrote :

Yes, it would certainly be nice to get a fix for this.

roze84 (roze84) wrote :

Any news on this issue?

Mitch Claborn (mitch-news) wrote :

I suspect that no one who can do anything about it is following this bug. Fairly frustrating.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Related questions