pam not working on centos?

Jason Gerfen jason.gerfen at scl.utah.edu
Mon Feb 4 12:33:06 UTC 2008 

It doesn't look like the Openssl libraries were used during the initial
configure command. If you are working with an RPM you may need to do a
little research on how to get the pam_mysql rpm module to use the
openssl libraries.

The error you originally reported:
badlogin: localhost.localdomain [127.0.0.1] PLAIN [SASL(-16):
>>  > encryption needed to use mechanism: security flags do not match
>>  > required]
>>  >
>>  > badlogin:host1 [127.0.0.1] plaintext cyrus at fbla1host1 SASL(-13):
>>  > authentication failure: checkpass failed
>>  >
>>  > Feb  1 17:29:11 frontend-A1 mupdate[2048]: No worthy mechs found

Is attempting to use the OpenSSL libraries in ensure that when the
pam_mysql module communicates with the server it is sending the data
through an encrypted stream.

Because I am not 100% familiar with the pam_mysql module you may need to
either 1: setup a shared x509 security certificate on the server so the
clients can use to send through the encrypted stream. 2: recompile the
pam_mysql module with the optional openssl libraries.

I would suggest at this point to do some more research on the module
itself in case you are missing something.

rupert wrote:
> On Fri, Feb 1, 2008 at 6:47 PM, Jason Gerfen <jason.gerfen at scl.utah.edu> wrote:
>> Ensure your openssl libraries are being linked against with the
>>  pam_mysql module or configure it to not use SSL. A good way to test is
>>  to run the 'ldd' command on the pam_mysql module and even the 'nm'
>>  command to ensure the proper functions are used and were built during
>>  compile.
>>
> is this ok?
> 
> ldd /lib/security/pam_mysql.so
>         libmysqlclient.so.15 => /usr/lib64/mysql/libmysqlclient.so.15
> (0x00002aaaaacc0000)
>         libz.so.1 => /usr/lib64/libz.so.1 (0x00002aaaab030000)
>         libnsl.so.1 => /lib64/libnsl.so.1 (0x00002aaaab244000)
>         libm.so.6 => /lib64/libm.so.6 (0x00002aaaab45d000)
>         libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaab6e0000)
>         libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002aaaab929000)
>         libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002aaaabc72000)
>         libc.so.6 => /lib64/libc.so.6 (0x00002aaaabea6000)
>         libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
> (0x00002aaaac1f6000)
>         libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002aaaac425000)
>         libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002aaaac6b7000)
>         libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002aaaac8b9000)
>         libdl.so.2 => /lib64/libdl.so.2 (0x00002aaaacadf000)
>         /lib64/ld-linux-x86-64.so.2 (0x0000555555554000)
>         libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
> (0x00002aaaacce3000)
>         libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002aaaaceeb000)
>         libresolv.so.2 => /lib64/libresolv.so.2 (0x00002aaaad0ee000)
>         libselinux.so.1 => /lib64/libselinux.so.1 (0x00002aaaad303000)
>         libsepol.so.1 => /lib64/libsepol.so.1 (0x00002aaaad51c000)
> 
> nm /lib/security/pam_mysql.so
> 0000000000209078 a _DYNAMIC
> 0000000000209290 a _GLOBAL_OFFSET_TABLE_
>                  w _Jv_RegisterClasses
> 0000000000209008 d __CTOR_END__
> 0000000000209000 d __CTOR_LIST__
> 0000000000209018 d __DTOR_END__
> 0000000000209010 d __DTOR_LIST__
> 0000000000008c80 r __FRAME_END__
> 0000000000209020 d __JCR_END__
> 0000000000209020 d __JCR_LIST__
> 0000000000209af0 A __bss_start
>                  w __cxa_finalize@@GLIBC_2.2.5
> 0000000000006e00 t __do_global_ctors_aux
> 0000000000001f20 t __do_global_dtors_aux
> 0000000000209070 d __dso_handle
>                  U __errno_location@@GLIBC_2.2.5
>                  w __gmon_start__
>                  U __stack_chk_fail@@GLIBC_2.4
>                  U __strtol_internal@@GLIBC_2.2.5
>                  U __syslog_chk@@GLIBC_2.4
> 0000000000209af0 A _edata
> 0000000000209b00 A _end
> 0000000000006e38 T _fini
> 0000000000001bc8 T _init
> 0000000000001f00 t call_gmon_start
>                  U calloc@@GLIBC_2.2.5
>                  U close@@GLIBC_2.2.5
> 0000000000209af8 b completed.6140
>                  U crypt@@GLIBC_2.2.5
> 0000000000209af0 b dtor_idx.6142
> 0000000000001fa0 t frame_dummy
>                  U free@@GLIBC_2.2.5
>                  U freeaddrinfo@@GLIBC_2.2.5
>                  U getaddrinfo@@GLIBC_2.2.5
>                  U geteuid@@GLIBC_2.2.5
>                  U gethostname@@GLIBC_2.2.5
>                  U getpid@@GLIBC_2.2.5
>                  U getuid@@GLIBC_2.2.5
> 0000000000007540 r hint.8265
>                  U inet_ntop@@GLIBC_2.2.5
>                  U make_scrambled_password@@libmysqlclient_15
>                  U make_scrambled_password_323@@libmysqlclient_15
>                  U memchr@@GLIBC_2.2.5
>                  U memcpy@@GLIBC_2.2.5
> 0000000000002bb0 t memcspn
>                  U memset@@GLIBC_2.2.5
> 0000000000001fd0 t memspn
>                  U mysql_close@@libmysqlclient_15
>                  U mysql_error@@libmysqlclient_15
>                  U mysql_fetch_row@@libmysqlclient_15
>                  U mysql_free_result@@libmysqlclient_15
>                  U mysql_init@@libmysqlclient_15
>                  U mysql_num_rows@@libmysqlclient_15
>                  U mysql_real_connect@@libmysqlclient_15
>                  U mysql_real_escape_string@@libmysqlclient_15
>                  U mysql_real_query@@libmysqlclient_15
>                  U mysql_select_db@@libmysqlclient_15
>                  U mysql_store_result@@libmysqlclient_15
>                  U open64@@GLIBC_2.2.5
> 0000000000209740 d options
>                  U pam_get_data
>                  U pam_get_item
>                  U pam_get_user
> 0000000000209ae0 d pam_mysql_boolean_opt_accr
> 0000000000002100 t pam_mysql_boolean_opt_getter
> 00000000000025f0 t pam_mysql_boolean_opt_setter
> 0000000000004ea0 t pam_mysql_check_passwd
> 0000000000003ec0 t pam_mysql_cleanup_hdlr
> 0000000000003ae0 t pam_mysql_close_db
> 0000000000209040 d pam_mysql_config_token_name
> 0000000000003f00 t pam_mysql_converse
> 0000000000209ad0 d pam_mysql_crypt_opt_accr
> 0000000000002130 t pam_mysql_crypt_opt_getter
> 0000000000002480 t pam_mysql_crypt_opt_setter
> 0000000000003b30 t pam_mysql_destroy_ctx
> 0000000000002290 t pam_mysql_entry_handler_destroy
> 0000000000209440 d pam_mysql_entry_handler_options
> 00000000000042b0 T pam_mysql_find_option
> 0000000000004400 t pam_mysql_format_string
> 0000000000004300 T pam_mysql_get_option
> 0000000000006cb0 t pam_mysql_handle_entry
> 00000000000037a0 t pam_mysql_open_db
> 0000000000005330 t pam_mysql_parse_args
> 0000000000004c20 t pam_mysql_query_user_stat
> 0000000000003a10 t pam_mysql_quick_escape
> 0000000000002ec0 t pam_mysql_read_config_file
> 0000000000003cd0 t pam_mysql_retrieve_ctx
> 0000000000005240 T pam_mysql_set_option
> 0000000000004820 t pam_mysql_sql_log
> 0000000000002ae0 t pam_mysql_str_append
> 0000000000002b50 t pam_mysql_str_append_char
> 0000000000002b70 t pam_mysql_str_destroy
> 00000000000021c0 t pam_mysql_str_init
> 0000000000002960 t pam_mysql_str_reserve
> 00000000000021e0 t pam_mysql_str_truncate
> 0000000000002ea0 t pam_mysql_stream_close
> 0000000000002850 t pam_mysql_stream_getc
> 0000000000002c20 t pam_mysql_stream_read_cspn
> 00000000000026f0 t pam_mysql_stream_skip_spn
> 0000000000002210 t pam_mysql_stream_ungetc
> 0000000000209ac0 d pam_mysql_string_opt_accr
> 00000000000020f0 t pam_mysql_string_opt_getter
> 0000000000002420 t pam_mysql_string_opt_setter
>                  U pam_set_data
>                  U pam_set_item
> 0000000000006530 T pam_sm_acct_mgmt
> 0000000000006790 T pam_sm_authenticate
> 0000000000005830 T pam_sm_chauthtok
> 0000000000005480 T pam_sm_close_session
> 0000000000005660 T pam_sm_open_session
> 00000000000022a0 T pam_sm_setcred
>                  U pam_strerror
>                  U read@@GLIBC_2.2.5
>                  U realloc@@GLIBC_2.2.5
> 0000000000007580 r saltstr.8671
>                  U strcasecmp@@GLIBC_2.2.5
>                  U strchr@@GLIBC_2.2.5
>                  U strcmp@@GLIBC_2.2.5
>                  U strerror@@GLIBC_2.2.5
>                  U strlen@@GLIBC_2.2.5
> 0000000000002380 t strnncpy
> 00000000000022b0 t xcalloc
> 0000000000002400 t xfree
> 00000000000023d0 t xfree_overwrite
> 0000000000002670 t xrealloc
> 0000000000002320 t xstrdup
> 
> 
>>
>>  rupert wrote:
>>  > Hello,
>>  > i installed a complete cyrus murder setup in a VMware machine and now
>>  > im transferring my configuration to a real 64Bit machine, i donwloaded
>>  > pam_mysql and compiled it,
>>  > when I try to login with cyradmin or imtest i always get some errors
>>  > and there isnt even a query executed in mysql.
>>  > How can i fix this?
>>  >
>>  >
>>  > badlogin: localhost.localdomain [127.0.0.1] PLAIN [SASL(-16):
>>  > encryption needed to use mechanism: security flags do not match
>>  > required]
>>  >
>>  > badlogin:host1 [127.0.0.1] plaintext cyrus at fbla1host1 SASL(-13):
>>  > authentication failure: checkpass failed
>>  >
>>  > Feb  1 17:29:11 frontend-A1 mupdate[2048]: No worthy mechs found
>>  >
>>  >
>>  > thx a lot
>>  >
>>  > _______________________________________________
>>  > Pam-list mailing list
>>  > Pam-list at redhat.com
>>  > https://www.redhat.com/mailman/listinfo/pam-list
>>
>>
>>  --
>>  Jason Gerfen
>>
>>  "I practice my religion
>>   while stepping on your
>>   toes..."
>>  ~The Ditty Bops
>>
>>  _______________________________________________
>>  Pam-list mailing list
>>  Pam-list at redhat.com
>>  https://www.redhat.com/mailman/listinfo/pam-list
>>
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list


-- 
Jason Gerfen

"I practice my religion
 while stepping on your
 toes..."
~The Ditty Bops

More information about the Pam-list mailing list