Details
-
New Feature
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
The PAM authentication plugin's conversation function may be throwing away some information that may be useful for diagnostic purposes because it does not seem to log messages of the following types:
PAM_ERROR_MSG
Display an error message.PAM_TEXT_INFO
Display some text.
http://www.linux-pam.org/Linux-PAM-html/mwg-expected-by-module-item.html#mwg-pam_conv
See here:
https://github.com/MariaDB/server/blob/mariadb-10.4.4/plugin/auth_pam/auth_pam_base.c#L63
I think it might always make sense to log messages of the type PAM_ERROR_MSG.
Maybe it could be optional to log messages of the type PAM_TEXT_INFO. Would it make sense to base that on log_warnings? Or maybe on another new system variable defined by the plugin? Like pam_log_text_info or something?
Attachments
Issue Links
- relates to
-
MXS-2479 Don't throw error for PAM_TEXT_INFO in PAM conversation function
- Closed