centos:pam-mysql无法按预期工作(无法从DB登录名为/ pwd的ssh)

时间:2016-08-19 06:30:28

标签: mysql linux authentication mariadb pam

我的目的是使用存储在MariaDB中的用户名/密码登录linux(ssh)。 我认为它应该有效......但不是! 请帮忙!任何人!

环境:
操作系统 - CentOS Linux版本7.2.1511(核心)X86_64
数据库 - 适用于Linux的MariaDB 10.0.26(x86_64)
pam_mysql - 版本0.7发布0.21.rc1.el7.centos
libnss-mysql - 版本1.5发布19.el7

注意:用户名/密码存储在现有的表格系统中.Admin

用谷歌搜索后,我找到了this totur。 我查看了手册:/usr/share/doc/libnss-mysql-1.5/README/usr/share/doc/pam_mysql-0.7/README

毕竟,我所做的就是编辑几个文本文件:

1. /etc/libnss-mysql-root.cfg:

username    root
password    628508320

2. /etc/libnss-mysql.cfg:

getpwnam    SELECT username,'x',id+10000,0,username, \
                CONCAT('/home/',username),'/bin/bash' \
            FROM Admin \
            WHERE (Admin.username='%1$s') \
            LIMIT 1
getpwuid    SELECT username,'x',id+10000,0,username, \
                CONCAT('/home/',username),'/bin/bash' \
            FROM Admin \
            WHERE (Admin.id=('%1$u'-10000)) \
            LIMIT 1
getspnam    SELECT username,password,'1','0','99999','0','0','-1','0' \
            FROM Admin \
            WHERE (Admin.username='%1$s') \
            LIMIT 1
getpwent    SELECT username,'x',id+10000,0,username, \
                CONCAT('/home/',username),'/bin/bash' \
            FROM Admin
getspent    SELECT username,password,'1','0','99999','0','0','-1','0' \
            FROM Admin
getgrnam    SELECT 'admin','admin',0
getgrgid    SELECT 'admin','admin',0
getgrent    SELECT 'admin','admin',0
memsbygid   SELECT username FROM Admin
gidsbymem   SELECT 0

host        localhost
database    system
username    root
password    628508320

3. /etc/nsswitch.conf 

passwd:     files sss mysql
shadow:     files sss mysql
group:      files sss

4. /etc/pam.d/sshd 

#%PAM-1.0

account sufficient  pam_unix.so
account required    pam_mysql.so   config_file=/etc/pam_mysql.cfg

auth    sufficient  pam_unix.so
auth    required    pam_mysql.so   config_file=/etc/pam_mysql.cfg
auth    required    pam_env.so

password    include system-auth
session     include system-auth

5. /etc/pam_mysql.cfg 

users.host=/var/lib/mysql/mysql.sock
users.db_user=root
users.db_passwd=628508320
users.database=system
users.table=Admin
users.user_column=username
users.password_column=password
users.password_crypt=1
verbose=0

6.现在它应该可以工作,但事实并非如此。

addtional info :(希望它可以帮助您了解发生了什么) 

[root@localhost ~]# mysql -p628508320 -e 'select id,username,password from system.Admin;'
+----+----------+---------------+
| id | username | password      |
+----+----------+---------------+
|  5 | admin    | VHeAzHjS/wVls |
|  6 | a        | rHscIjE3eNyHs |
|  7 | b        | b             |
+----+----------+---------------+
>> means that db is fine (password for admin is insert as encrypt('a') while b is plain)

[root@localhost ~]# id admin # user'admin' is not in /etc/passwd and /etc/shadow
uid=10005(admin) gid=10005 groups=10005
>> seems that something works correct, `id` gets user from DB

[root@localhost ~] ssh admin@localhost
admin@localhost's password: 
Connection to localhost closed.

[root@localhost ~]# ls -ld /var/lib/mysql/ /var/lib/mysql/mysql.sock
drwxr-xr-x. 10 mysql mysql 4096 Aug 19 11:33 /var/lib/mysql/
srwxrwxrwx.  1 mysql mysql    0 Aug 17 10:55 /var/lib/mysql/mysql.sock

禁用selinux后,我会解决mysql权限问题。

现在它在另一点失败了:(tail -f /var/log/secure

Aug 20 17:24:37 MiWiFi-R1CM-srv sshd[70049]: Accepted password for admin from ::1 port 33322 ssh2
Aug 20 17:24:37 MiWiFi-R1CM-srv sshd[70049]: error: PAM: pam_open_session(): Cannot make/remove an entry for the specified session
Aug 20 17:24:37 MiWiFi-R1CM-srv sshd[70049]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
Aug 20 17:24:37 MiWiFi-R1CM-srv sshd[70049]: libnss-mysql: mysql_query failed: MySQL server has gone away, trying again (2)
Aug 20 17:24:37 MiWiFi-R1CM-srv sshd[70054]: Received disconnect from ::1: 11: disconnected by user

更新

我尝试在/etc/pam_mysql.cfg中使用plain crypt=0, 我可以登录,但是ui很奇怪:-bash-4.2$(我希望像[root@localhost ~]#)左右 goole告诉我cp -a /etc/skel /home/admin,修复。

0 个答案:

没有答案
相关问题
最新问题