pam + mysql + vsftp

Steven Haigh Tue, 17 Sep 2013 20:12:25 -0700

Hi all,

I've been butting my head against this one for a while - so I figured
its time to get help... ;)


I'm trying to use pam_mysql to authenticate FTP users via PAM.

I've edited the /etc/pam.d/vsftpd to contain:
auth required pam_mysql.so config_file=/etc/vsftpd/vsftpd-mysql.conf
crypt=1 verbose=1
account required pam_mysql.so config_file=/etc/vsftpd/vsftpd-mysql.conf
crypt=1 verbose=1

The passwords are stored in a MySQL database as ssha512 format. This
means they look something like:
{SHA512-CRYPT}$6$qLv.........

When I try to use this account, I see the following in /var/log/messages:
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_sm_authenticate() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_open_db() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_open_db()
returning 0.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_check_passwd()
called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_format_string()
called
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_quick_escape()
called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - SELECT password FROM
users WHERE CONCAT(username, "@", domain) = 'ad...@wireless.org.au'
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_check_passwd()
returning 6.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_sql_log() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_sql_log()
returning 0.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_converse() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_open_db() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_check_passwd()
called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_format_string()
called
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_quick_escape()
called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - SELECT password FROM
users WHERE CONCAT(username, "@", domain) = 'ad...@wireless.org.au'
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_check_passwd()
returning 6.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_sql_log() called.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_mysql_sql_log()
returning 0.
Sep 18 13:03:43 www vsftpd[11368]: pam_mysql - pam_sm_authenticate()
returning 7.
Sep 18 13:03:45 www vsftpd[11368]: pam_mysql - pam_mysql_release_ctx()
called.
Sep 18 13:03:45 www vsftpd[11368]: pam_mysql - pam_mysql_destroy_ctx()
called.
Sep 18 13:03:45 www vsftpd[11368]: pam_mysql - pam_mysql_close_db() called.

I can't find any real info on what pam_mysql_check_passwd() returning 6
means - but I assume its a password check failure.

My only thought is that somehow the password format supplied by the
database (which works on dovecot) is different than expected by PAM...

Does anyone have any thoughts on this?

-- 
Steven Haigh

Email: net...@crc.id.au
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299

signature.asc
Description: OpenPGP digital signature

pam + mysql + vsftp

Reply via email to