[MDEV-7637] MariaDB 5.5 + pam + ldap + selinux - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5.42, 10.0(EOL)
Fix Version/s: N/A
Component/s: Documentation, Plugin - pam
Labels:
- ldap
- pam
- selinux
- verified
Environment:
Centos 6.6 x86_64

Description

rpms involved

pam_ldap-185-11.el6.x86_64

pam_mysql-0.7-0.12.rc1.el6.x86_64

pam-1.1.1-20.el6.x86_64

MariaDB

MariaDB-compat-5.5.42-1.el6.x86_64

MariaDB-client-5.5.42-1.el6.x86_64

MariaDB-common-5.5.42-1.el6.x86_64

MariaDB-shared-5.5.42-1.el6.x86_64

MariaDB-server-5.5.42-1.el6.x86_64

I've created the user in MariaDB and loaded the auth module with

INSTALL SONAME 'auth_pam';

create user <myldapusername>@localhost IDENTIFIED VIA pam USING 'mariadb';

cat /etc/pam.d/mariadb

#%PAM-1.0

auth          sufficient    pam_ldap.so debug

account     sufficient    pam_ldap.so debug

account     sufficient    pam_localuser.so

And a valid /etc/pam_ldap.conf

If I use setenforce Permissive all is well, I can log in as the user authenticated via the ldap AD.
If I use setenforce Enforcing I see
> mysqld: PAM audit_open() failed: Permission denied

I've verified that the selinux permissions on the /etc/pam.d/mariadb appear to be valid

Cheers

Jan.

Attachments

Issue Links

links to

RHEL bug

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Jan Eringa

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2015-02-26 05:50

Updated:: 2015-04-28 16:02

Resolved:: 2015-04-27 21:13

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.