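I have installed MariaDB server on Ubuntu 18.04. I need the PAM authentication plugin, so to install it I followed the steps described here: https://mariadb.com/resources/blog/configuring-pam-authentication-and-user-mapping-with-mariadb/
I downloaded and installed the PAM mapper using the following: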
wget https://raw.githubusercontent.com/MariaDB/server/10.1/plugin/auth_pam/mapper/pam_user_map.c
gcc pam_user_map.c -shared -lpam -fPIC -o pam_user_map.so
sudo install --mode=0755 pam_user_map.so /lib64/security/
Then I created the PAM policy:
sudo tee /etc/pam.d/mysql <<EOF
auth required pam_unix.so audit
account required pam_unix.so audit
auth sufficient /lib64/security/pam_user_map.so
EOF
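I added the mappings I wanted to the file /etc/security/user_map.conf and opened up access to /etc/shadow as described in the tutorial.
Then I set everything up on the MariaDB side using the following commands: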
-- Install the plugin
INSTALL SONAME 'auth_pam';
-- Create the "dba" user
CREATE USER 'user_for_mapping'@'%' IDENTIFIED BY 'somepassword';
GRANT ALL PRIVILEGES ON *.* TO 'dba'@'%';
-- Create an anonymous catch-all user that will use the PAM plugin and the mysql policy
CREATE USER ''@'%' IDENTIFIED VIA pam USING 'mysql';
-- Allow the anonymous user to proxy as the dba user
GRANT PROXY ON 'user_for_mapping'@'%' TO ''@'%';
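Everything worked fine. Users from the mapping file were mapped as they should be, and users not mentioned in the mapping file were mapped to the anonymous account ''@'%'. However, from one day to the next it stopped working, even though nothing changed in the MariaDB setup (I am not sure whether someone changed something on the Ubuntu side).
Now, when I try to log in as before using: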
mysql -u ubuntu_user -p
or using mysql -u '' -p
I get the same error message:
2019-11-19 9:37:56 11 [Warning] Access denied for user 'ubuntu_user'@'localhost' (using password: NO)
even though I am using a password.
In the mysql.log file I can read ubuntu_user@localhost as anonymous on, and then the error again.
In the auth.log file I can read the following:
Nov 19 09:37:27 host_name pkexec[34382]: shin: Error executing command as another user: Not authorized [USER=root] [TTY=unknown] [CWD=/home/shin] [COMMAND=/usr/lib/update-notifier/package-system-locked]
Nov 19 09:37:27 host_name pkexec[34396]: ubuntu_user: Error executing command as another user: Not authorized [USER=root] [TTY=unknown] [CWD=/home/ubuntu_user] [COMMAND=/usr/lib/update-notifier/package-system-locked]
...
Nov 19 09:37:43 host_name sudo: pam_unix(sudo:session): session closed for user root
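When I use the SHOW PLUGINS command in mysql, I can see that the pam plugin is active. In the configuration file I added plugin_load_add = auth_pam, but that still didn't help.
Does anyone know what the problem is here and how I can fix it?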
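
The post leaves open whether something changed on the Ubuntu side. As an added example (not part of the original post or the tutorial), the script below re-checks the files that the setup steps above put in place. The function names, the ROOT prefix argument and the assumption that /etc/shadow access was granted through group read permission are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the post: re-check the files the setup above relies on.
# ROOT (hypothetical argument) is a path prefix; empty means the live system.

MODULE=/lib64/security/pam_user_map.so   # install path used in the post
POLICY=/etc/pam.d/mysql                  # PAM policy written in the post
USERMAP=/etc/security/user_map.conf      # mapping file named in the post
SHADOW=/etc/shadow

# Run a command as one named check; count a failure in $pam_fails.
pam_check() {
    pam_desc=$1; shift
    if "$@"; then echo "OK   $pam_desc"
    else echo "FAIL $pam_desc"; pam_fails=$((pam_fails + 1)); fi
}

# True if policy file $1 has a line "<type> <control> <module>" ($2 $3 $4).
policy_has() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+$3[[:space:]]+$4([[:space:]]|\$)" "$1" 2>/dev/null
}

# True if $1 exists and its group has read permission (5th character of ls -ld).
# Assumption: access to /etc/shadow was granted to the server account by group.
group_readable() {
    [ -e "$1" ] || return 1
    case $(ls -ld "$1") in ????r*) return 0 ;; *) return 1 ;; esac
}

# Print one line per check; the return status is the number of failed checks.
check_pam_setup() {
    root=${1:-}
    pam_fails=0
    pam_check "$MODULE is installed" test -f "$root$MODULE"
    pam_check "$POLICY has: auth required pam_unix.so" \
        policy_has "$root$POLICY" auth required pam_unix.so
    pam_check "$POLICY has: account required pam_unix.so" \
        policy_has "$root$POLICY" account required pam_unix.so
    pam_check "$POLICY has: auth sufficient $MODULE" \
        policy_has "$root$POLICY" auth sufficient "$MODULE"
    pam_check "$USERMAP exists and is not empty" test -s "$root$USERMAP"
    pam_check "$SHADOW is group-readable" group_readable "$root$SHADOW"
    return "$pam_fails"
}

# With no argument this inspects the live system.
check_pam_setup "${1:-}" || echo "$? check(s) failed"
```

A FAIL line only shows that a file no longer matches what the steps above created; compare the group shown by ls -l /etc/shadow with the groups of the account the server runs as to finish the last check.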