Ubuntu
pam-mysql package

non-crypt()ish MD5 hash is not supported in this build

Bug #1006005 reported by Mitch Claborn on 2012-05-29

This bug affects 15 people

Affects		Status	Importance	Assigned to	Milestone
	pam-mysql (Debian)	Fix Released	Unknown	debbugs #373834
	pam-mysql (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

Trying to use MD5 hash with pam-mysql. Contents of log below. This worked in previous versions of Ubuntu.

May 29 11:31:28 localhost lightdm: pam_mysql - non-crypt()ish MD5 hash is not supported in this build.
May 29 11:31:28 localhost lightdm: pam_mysql - option verbose is set to "1"
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_close_db() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_sm_authenticate() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_open_db() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_open_db() returning 0.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_check_passwd() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_format_string() called
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_quick_escape() called.
May 29 11:31:28 localhost lightdm: pam_mysql - SELECT passwordhash FROM operator WHERE username = 'xxxx' AND (operator.enabled=1)
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_check_passwd() returning 6.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_sql_log() called.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_sql_log() returning 0.
May 29 11:31:28 localhost lightdm: pam_mysql - pam_mysql_converse() called.

/etc/pam.d/lightdm

#%PAM-1.0
# 0=not encrypted, 1=crypt(3) function, 2=mysql password function, 3=md5
auth required pam_mysql.so verbose=0 user=xxxx passwd=xxxx db=xxxx host=mmdatabasehost table=operator usercolumn=username passwdcolumn=passwordhash crypt=3 where=operator.enabled=1 verbose=1
account required pam_mysql.so verbose=0 user=xxx passwd=xxxx db=xxx host=mmdatabasehost table=operator usercolumn=username passwdcolumn=passwordhash crypt=3 where=operator.enabled=1 verbose=1

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libpam-mysql 0.7~RC1-4build3
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic-pae 3.2.14
Uname: Linux 3.2.0-24-generic-pae i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Tue May 29 11:37:29 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release i386 (20120423.2)
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
SHELL=/bin/bash
SourcePackage: pam-mysql
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

Mitch Claborn (mitch-news) wrote on 2012-05-29:

Dependencies.txt Edit (534 bytes, text/plain; charset="utf-8")

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-06-18:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in pam-mysql (Ubuntu):
status:	New → Confirmed

Revision history for this message

Thomas Greenwood (09rp9wq1q1-n3c-anzd5soo2s) wrote on 2012-06-18:

The same also occurs with SHA1:

pam_mysql - non-crypt()ish SHA1 hash is not supported in this build.

Downloading the package source and using debuild without making any changes produces a package which does support SHA1.

Is this a build-depend issue?

Tom

Revision history for this message

fidian (fidian) wrote on 2012-07-02:

I'm not using SASL, but I'm also bitten by this bug. I've made a new package at my PPA that recompiles the source with OpenSSL support, which it looked like it was supposed to do anyway. You could try it out: https://launchpad.net/~team-mayhem/+archive/ppa

I wish I could help with figuring out why the original build didn't work out well. If any of my changes would be useful for the official Ubuntu/Debian package, you are welcome to take them.

Revision history for this message

Mitch Claborn (mitch-news) wrote on 2012-08-16:

Any progress toward a fix for this?

Revision history for this message

Lukas Wingerberg (h-k) wrote on 2013-01-27:

i have just stumbled accross the same issue on my debian wheezy box, same version of pam-mysql package on an x64 box
someone should really fix this please

Revision history for this message

Lukas Wingerberg (h-k) wrote on 2013-01-27:

the same actually happens with SHA1 aswell:

pam_mysql - non-crypt()ish SHA1 hash is not supported in this build.

Revision history for this message

Lukas Wingerberg (h-k) wrote on 2013-01-27:

also applying the debian patchset and recompiling the vanilla pam module from source fixes this error for debian aswell

Revision history for this message

Heiko Lechner (no-spam-to-me) wrote on 2013-03-07:

Nearly a year has gone and no official bug-fix?
I upgraded my server from 10.04 LTS to 12.04 LTS and now my vsftpd is useless, because I let vsftpd authenticate via pam-mysql with md5 hashed passwords in my mysql database.
I switched my server to ubuntu because I had enough from compiling source packages...

Revision history for this message

Mitch Claborn (mitch-news) wrote on 2013-03-07:

#10

Yes, it would certainly be nice to get a fix for this.

Revision history for this message

roze84 (roze84) wrote on 2013-07-22:

#11

Any news on this issue?

Revision history for this message

Mitch Claborn (mitch-news) wrote on 2013-07-22:

#12

I suspect that no one who can do anything about it is following this bug. Fairly frustrating.

Revision history for this message

Lele Long (schemacs) wrote on 2014-07-18:

#13

1, sudo apt-get install libmysqlclient-dev libpam-dev libssl-dev
2, ln -s /usr/include/openssl/md5.h /usr/include/md5.h
3, Makefile.in#109: DEFS = @DEFS@ -I. -I$(srcdir) -I. -DHAVE_OPENSSL
4, ./configure --prefix=/usr --with-openssl | grep md5

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373834