[MDEV-17292] Package the pam_user_map module - Jira

Details

Type: Task
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Fix Version/s: 10.2.31, 10.3.22, 10.4.12
Component/s: Packaging, Plugin - pam
Labels:
None

Description

Currently, users have to manually compile pam_user_map.c, and then install pam_user_map.so in the proper location. Do we want to package this, so that users can install it more easily?

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

mariadb-pam-user-map.spec
1 kB
2019-12-30 11:52

Issue Links

is duplicated by

MDEV-21207 include pam_auth_map.so in binary packages

Closed

relates to

MDEV-21656 Wrong directory for pam_user_map.so

Closed

MDEV-21913 Add pam_user_map.so file to binary tarball package

Closed

Activity

Ascending order - Click to sort in descending order

Alexey Botchkov added a comment - 2019-08-01 10:59

https://github.com/MariaDB/server/commit/1b04e854531fd5634defaffa30fed82e3329436d

Alexey Botchkov added a comment - 2019-08-01 10:59 https://github.com/MariaDB/server/commit/1b04e854531fd5634defaffa30fed82e3329436d

Sergei Golubchik added a comment - 2019-08-04 16:20 - edited

A questionable solution. Why not to install it in the
distribution-appropriate location for pam modules (like /lib/security) ?

Sergei Golubchik added a comment - 2019-08-04 16:20 - edited A questionable solution. Why not to install it in the distribution-appropriate location for pam modules (like /lib/security) ?

Alexey Botchkov added a comment - 2019-08-05 11:39

As the pam_user_map is the part of the MariaDB, i thought it makes sence to keep it with the rest of the libraries.
It's easier to install and uninstall it that way.
Multiple MariaDB installations can coexist.

Alexey Botchkov added a comment - 2019-08-05 11:39 As the pam_user_map is the part of the MariaDB, i thought it makes sence to keep it with the rest of the libraries. It's easier to install and uninstall it that way. Multiple MariaDB installations can coexist.

Sergei Golubchik added a comment - 2019-08-06 16:24

As discussed on slack, let's try to make it a separate package, no dependencies, with a pam module in a standard location

Sergei Golubchik added a comment - 2019-08-06 16:24 As discussed on slack, let's try to make it a separate package, no dependencies, with a pam module in a standard location

Charles JUDITH added a comment - 2019-12-30 13:48

There's a SPEC file, any ETA to have this package available?

I'm currently using this package within my company.

Charles JUDITH added a comment - 2019-12-30 13:48 There's a SPEC file, any ETA to have this package available? I'm currently using this package within my company.

Charles JUDITH added a comment - 2020-01-24 10:20

Any details on how this will be implemented?

A new package like the SPEC file added in attachement or included within an existing package?

Charles JUDITH added a comment - 2020-01-24 10:20 Any details on how this will be implemented? A new package like the SPEC file added in attachement or included within an existing package?

Aurélien LEQUOY added a comment - 2020-02-03 18:09 - edited

Hello,

You made a mistake when you released the version 10.3.22 (and all others also I guess, but I didn't tested)

The file pam_user_map.so is not in the good directory

the log :

Feb 03 17:48:29 pmaria36-par mysqld[18993]: PAM unable to dlopen(/usr/lib64/security/pam_user_map.so): /usr/lib64/security/pam_user_map.so: cannot open shared object file: No such file or directory
Feb 03 17:48:29 pmaria36-par mysqld[18993]: PAM adding faulty module: /usr/lib64/security/pam_user_map.so
Feb 03 17:48:32 pmaria36-par collectd[5489]: write_graphite plugin: Connection closed after 0.000 seconds.
Feb 03 17:48:34 pmaria36-par mysqld[18993]: pam_ldap(mariadb:auth): unexpected response from failed conversation function
Feb 03 17:48:34 pmaria36-par mysqld[18993]: pam_ldap(mariadb:auth): conversation failed
Feb 03 17:48:34 pmaria36-par mysqld[18993]: pam_ldap(mariadb:auth): failed to get password: Authentication token manipulation error
Feb 03 17:49:48 pmaria36-par consul[2830]: 2020/02/03 17:49:48 [INFO] memberlist: Marking qtfckq81301e8.kubes02.par.criteo.preprod as failed, suspect timeout reached (2 peer confirmations)
Feb 03 17:49:48 pmaria36-par consul[2830]: 2020/02/03 17:49:48 [INFO] serf: EventMemberFailed: qtfckq81301e8.kubes02.par.criteo.preprod 10.236.74.12
Feb 03 17:49:48 pmaria36-par consul[2830]: 2020/02/03 17:49:48 [INFO] serf: EventMemberJoin: qtfckq81301e8.kubes02.par.criteo.preprod 10.236.74.12
Feb 03 17:49:58 pmaria36-par mysqld[18993]: pam_ldap(mariadb:auth): unexpected response from failed conversation function
Feb 03 17:49:58 pmaria36-par mysqld[18993]: pam_ldap(mariadb:auth): conversation failed
Feb 03 17:49:58 pmaria36-par mysqld[18993]: pam_ldap(mariadb:auth): failed to get password: Authentication token manipulation error
Feb 03 17:49:58 pmaria36-par mysqld[18993]: pam_user_map(mariadb:auth): Opening file '/etc/security/user_map.conf'.
Feb 03 17:49:58 pmaria36-par mysqld[18993]: pam_user_map(mariadb:auth): Incoming username 'a.lequoy'.

For Centos :
The file should be placed in /usr/lib64/security/pam_user_map.so like all other about pam, and not in : /usr/lib/security/pam_user_map.so

with cp -a /usr/lib/security/pam_user_map.so /usr/lib64/security/

it's working perfectly :

Feb 03 18:04:11 pmaria36-par mysqld[18993]: pam_ldap(mariadb:auth): nslcd authentication; user=a.lequoy
Feb 03 18:04:11 pmaria36-par mysqld[18993]: pam_ldap(mariadb:auth): authentication succeeded
Feb 03 18:04:11 pmaria36-par mysqld[18993]: pam_user_map(mariadb:auth): Opening file '/etc/security/user_map.conf'.
Feb 03 18:04:11 pmaria36-par mysqld[18993]: pam_user_map(mariadb:auth): Incoming username 'a.lequoy'.
Feb 03 18:04:12 pmaria36-par mysqld[18993]: pam_user_map(mariadb:auth): User belongs to 59 groups [***].
Feb 03 18:04:12 pmaria36-par mysqld[18993]: pam_user_map(mariadb:auth): Check if user is in group 'gu-dba': YES
Feb 03 18:04:12 pmaria36-par mysqld[18993]: pam_user_map(mariadb:auth): User mapped as 'adminprod'

Aurélien LEQUOY added a comment - 2020-02-03 18:09 - edited Hello, You made a mistake when you released the version 10.3.22 (and all others also I guess, but I didn't tested) The file pam_user_map.so is not in the good directory the log : Feb 03 17:48:29 pmaria36-par mysqld [18993] : PAM unable to dlopen(/usr/lib64/security/pam_user_map.so): /usr/lib64/security/pam_user_map.so: cannot open shared object file: No such file or directory Feb 03 17:48:29 pmaria36-par mysqld [18993] : PAM adding faulty module: /usr/lib64/security/pam_user_map.so Feb 03 17:48:32 pmaria36-par collectd [5489] : write_graphite plugin: Connection closed after 0.000 seconds. Feb 03 17:48:34 pmaria36-par mysqld [18993] : pam_ldap(mariadb:auth): unexpected response from failed conversation function Feb 03 17:48:34 pmaria36-par mysqld [18993] : pam_ldap(mariadb:auth): conversation failed Feb 03 17:48:34 pmaria36-par mysqld [18993] : pam_ldap(mariadb:auth): failed to get password: Authentication token manipulation error Feb 03 17:49:48 pmaria36-par consul [2830] : 2020/02/03 17:49:48 [INFO] memberlist: Marking qtfckq81301e8.kubes02.par.criteo.preprod as failed, suspect timeout reached (2 peer confirmations) Feb 03 17:49:48 pmaria36-par consul [2830] : 2020/02/03 17:49:48 [INFO] serf: EventMemberFailed: qtfckq81301e8.kubes02.par.criteo.preprod 10.236.74.12 Feb 03 17:49:48 pmaria36-par consul [2830] : 2020/02/03 17:49:48 [INFO] serf: EventMemberJoin: qtfckq81301e8.kubes02.par.criteo.preprod 10.236.74.12 Feb 03 17:49:58 pmaria36-par mysqld [18993] : pam_ldap(mariadb:auth): unexpected response from failed conversation function Feb 03 17:49:58 pmaria36-par mysqld [18993] : pam_ldap(mariadb:auth): conversation failed Feb 03 17:49:58 pmaria36-par mysqld [18993] : pam_ldap(mariadb:auth): failed to get password: Authentication token manipulation error Feb 03 17:49:58 pmaria36-par mysqld [18993] : pam_user_map(mariadb:auth): Opening file '/etc/security/user_map.conf'. Feb 03 17:49:58 pmaria36-par mysqld [18993] : pam_user_map(mariadb:auth): Incoming username 'a.lequoy'. For Centos : The file should be placed in /usr/lib64/security/pam_user_map.so like all other about pam, and not in : /usr/lib/security/pam_user_map.so with cp -a /usr/lib/security/pam_user_map.so /usr/lib64/security/ it's working perfectly : Feb 03 18:04:11 pmaria36-par mysqld [18993] : pam_ldap(mariadb:auth): nslcd authentication; user=a.lequoy Feb 03 18:04:11 pmaria36-par mysqld [18993] : pam_ldap(mariadb:auth): authentication succeeded Feb 03 18:04:11 pmaria36-par mysqld [18993] : pam_user_map(mariadb:auth): Opening file '/etc/security/user_map.conf'. Feb 03 18:04:11 pmaria36-par mysqld [18993] : pam_user_map(mariadb:auth): Incoming username 'a.lequoy'. Feb 03 18:04:12 pmaria36-par mysqld [18993] : pam_user_map(mariadb:auth): User belongs to 59 groups [***] . Feb 03 18:04:12 pmaria36-par mysqld [18993] : pam_user_map(mariadb:auth): Check if user is in group 'gu-dba': YES Feb 03 18:04:12 pmaria36-par mysqld [18993] : pam_user_map(mariadb:auth): User mapped as 'adminprod'

Aurélien LEQUOY added a comment - 2020-02-03 18:25 - edited

I created a pull request : https://github.com/MariaDB/server/pull/1443

https://github.com/MariaDB/server/pull/1443/commits/7bd57a55f78abffb508ab89972de1feccf6e155b

Aurélien LEQUOY added a comment - 2020-02-03 18:25 - edited I created a pull request : https://github.com/MariaDB/server/pull/1443 https://github.com/MariaDB/server/pull/1443/commits/7bd57a55f78abffb508ab89972de1feccf6e155b

People

Assignee:: Sergei Golubchik

Reporter:: Geoff Montee (Inactive)

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Due:: 2019-07-31

Created:: 2018-09-25 21:23

Updated:: 2024-07-07 23:38

Resolved:: 2020-02-05 09:58

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Git Integration