Details
-
Technical task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
5.5.44, 10.0.19
-
Linux
Description
Please state at the PAM Configuration section at
https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
to avoid using the pam_fprintd.so at the /etc/pam.conf , but instead an alternative would be to use pam_fprint.so
Root Cause
|
MariaDB invokes the PAM plugin, which invokes libpam.so, that invokes pam_fprintd.so, here the
|
crash occurs.
|
A change in an errata seems to have changed the behaviour of the applications stack. pam_fprintd,
|
where the crash occurred, is not now, nor has it even been multi-use thread-safe. The errata was
|
delivered to fix issues with the old versions for the normal use case, this behaviour needed to be
|
fixed. Fixing these cases did break the behaviour of the stack in use here with Mariadb (which uses
|
pam_fprintd in multi-use/thread-safe contexts, while it is not safe for that use).
|
So it was never garanted that pam_fprintd would work in multi-use/thread-safe. Now other
|
scenarios were fixed in a way, which has this setup no longer working.
|
To get pam_fprintd working in these multi-use/thread-safe contexts massive changes are required,
|
to heavy for RHEL6.
|
It is recommended to not use the PAM system from applications not running with root permissions.
|