Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-10871

Add logging capability to pam_user_map.c

Details

    • 10.1.30, 10.1.32

    Description

      The PAM user mapping plugin doesn't currently seem to log any information to /var/log/secure. It would probably be helpful if the plugin had some way to enable verbose logging during testing, so that it would be easier to debug configuration problems.

      I expect the best way to implement this would be to create one or more module arguments for the plugin that controls logging. PAM module arguments are explained here:

      https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/PAM_Configuration_Files.html#pam-mod-args

      For example, maybe a configuration like this could enable very verbose debugging logging to /var/log/secure:

      auth required pam_user_map.so debug

      Or if we wanted the ability to specify a specific log, maybe we could do something like this:

      auth required pam_user_map.so debug_log=/tmp/pam_user_map.log

      But these are just suggestions.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-30384 Group mapping with pam_user_map does not work for ldap nested groups

          • Major - Major loss of function.
          • Open

          Activity

            Ascending order - Click to sort in descending order
            GeoffMontee Geoff Montee (Inactive) added a comment -

            Do we have plans to implement this at some point? Problems with pam_user_map.so are currently very difficult to debug.

            GeoffMontee Geoff Montee (Inactive) added a comment - Do we have plans to implement this at some point? Problems with pam_user_map.so are currently very difficult to debug.
            holyfoot Alexey Botchkov added a comment -

            Implemented the 'debug' option, that would write excessive comments to the syslog.
            http://lists.askmonty.org/pipermail/commits/2018-March/012101.html

            holyfoot Alexey Botchkov added a comment - Implemented the 'debug' option, that would write excessive comments to the syslog. http://lists.askmonty.org/pipermail/commits/2018-March/012101.html
            holyfoot Alexey Botchkov added a comment -

            As far as i see the PAM libraries tend to write messages to the syslog, so my proposal is to send the debug output of the pam_user_map to the syslog as well.
            Syslog is pretty flexible and can be directed to a file or other computer.

            holyfoot Alexey Botchkov added a comment - As far as i see the PAM libraries tend to write messages to the syslog, so my proposal is to send the debug output of the pam_user_map to the syslog as well. Syslog is pretty flexible and can be directed to a file or other computer.
            holyfoot Alexey Botchkov added a comment -

            http://lists.askmonty.org/pipermail/commits/2018-March/012126.html

            holyfoot Alexey Botchkov added a comment - http://lists.askmonty.org/pipermail/commits/2018-March/012126.html

            People

              holyfoot Alexey Botchkov
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.