  1. MariaDB Server
  2. MDEV-7637

MariaDB 5.5 + pam + ldap + selinux


Details

    Description

      rpms involved

      pam_ldap-185-11.el6.x86_64
      pam_mysql-0.7-0.12.rc1.el6.x86_64
      pam-1.1.1-20.el6.x86_64

      MariaDB

      MariaDB-compat-5.5.42-1.el6.x86_64
      MariaDB-client-5.5.42-1.el6.x86_64
      MariaDB-common-5.5.42-1.el6.x86_64
      MariaDB-shared-5.5.42-1.el6.x86_64
      MariaDB-server-5.5.42-1.el6.x86_64

      I've created the user in MariaDB and loaded the auth module with

      INSTALL SONAME 'auth_pam';
      create user <myldapusername>@localhost IDENTIFIED VIA pam USING 'mariadb';

      cat /etc/pam.d/mariadb
      #%PAM-1.0
      auth          sufficient    pam_ldap.so debug
      account     sufficient    pam_ldap.so debug
      account     sufficient    pam_localuser.so

      And a valid /etc/pam_ldap.conf

      If I use setenforce Permissive all is well: I can log in as the user authenticated via the LDAP AD.
      If I use setenforce Enforcing I see
      > mysqld: PAM audit_open() failed: Permission denied

      I've verified that the SELinux permissions on /etc/pam.d/mariadb appear to be valid.

      Cheers

      Jan.
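
Added example (not from the reporter or the MariaDB project): because the failure appears only in Enforcing mode, the AVC records for mysqld in the audit log show which permission the policy denies. The log lines below are constructed; the `netlink_audit_socket` denial is an assumption based on audit_open() opening an audit netlink socket, since the report does not include its AVC record.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log format (NOT taken from the report).
# The mysqld denial on netlink_audit_socket is an assumed illustration.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1424350000.101:901): avc:  denied  { create } for  pid=2101 comm="mysqld" scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=netlink_audit_socket
type=AVC msg=audit(1424350000.305:902): avc:  denied  { read } for  pid=2240 comm="httpd" name="secret" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1424350002.118:907): avc:  denied  { create } for  pid=2101 comm="mysqld" scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=netlink_audit_socket
type=AVC msg=audit(1424350003.400:911): avc:  granted  { name_connect } for  pid=2101 comm="mysqld" dest=389 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=USER_AUTH msg=audit(1424350004.000:912): pid=2300 uid=0 msg='op=PAM:authentication acct="jan" res=success'
"""

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["result"] = m.group("result")
    fields["perms"] = m.group("perms").split()
    return fields

def summarize_denials(log_text, comm="mysqld"):
    """Group denied permissions for one process by (source type, target type, class)."""
    summary = defaultdict(lambda: {"perms": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec["result"] != "denied" or rec.get("comm") != comm:
            continue
        # The SELinux type is the third colon-separated field of a context.
        key = (rec["scontext"].split(":")[2], rec["tcontext"].split(":")[2], rec["tclass"])
        summary[key]["perms"].update(rec["perms"])
        summary[key]["count"] += 1
    return {k: (sorted(v["perms"]), v["count"]) for k, v in summary.items()}

if __name__ == "__main__":
    for (src, tgt, cls), (perms, n) in summarize_denials(SAMPLE_AUDIT_LOG).items():
        print(f"{src} -> {tgt}:{cls} denied {{ {' '.join(perms)} }} x{n}")
```

On a real host, pass the text of the audit log to `summarize_denials()` in place of the constructed sample.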

            People

              serg Sergei Golubchik
              jeringa Jan Eringa