Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.3(EOL)
-
None
-
None
Description
I am trying to configure a 10.3 MariaDB server on CentOS 6.10 with 2-factor authentication via PAM using RSA server 8.2.1.
We have this working when ssh'ing directly into server but it is not working for MariaDB authentication.
I have installed the 'auth_pam' plugin and created a user "identified via pam using 'mariadb2'".
The mariadb2 pam module currently has the following entries:
#%PAM-1.0
|
auth required pam_sepermit.so
|
auth required pam_securid.so reserve
|
#auth include password-auth
|
account required pam_nologin.so
|
account required pam_access.so nodefgroup
|
account include password-auth
|
password include password-auth
|
session required pam_selinux.so close
|
session required pam_loginuid.so
|
session required pam_selinux.so open env_params
|
session optional pam_keyinit.so force revoke
|
session include password-auth
|
authentication attempts show only (generically): "018-09-24 14:06:12 59 [Warning] Access denied for user 'user'@'ip' (using password: NO)" in mariadb error log.
I see the correct PAM_SERVICE, PAM_TYPE, and PAM_USER in syslog.
I do not see any information indicating what the actual issue is.
Does MariaDB support 2-factor authentication via this method? If so, is there any documentation on configuration and/or troubleshooting?