Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
2.3.6
-
None
-
MXS-SPRINT-82, MXS-SPRINT-83
Description
The PAM conversation function currently throws an error if it encounters any messages that are not PAM_PROMPT_ECHO_OFF or PAM_PROMPT_ECHO_ON:
This means that a user's MaxScale log can fill up with error messages like the following:
2019-05-05 19:40:42 error : Unexpected PAM message: type='4', contents='Your password will expire in 1 day(s).'
|
If msg_style=4, then it is of the type PAM_TEXT_INFO:
$ grep "PAM_TEXT_INFO" /usr/include/security/_pam_types.h
|
#define PAM_TEXT_INFO 4
|
These appear to be harmless messages:
PAM_TEXT_INFO
Display some text.
http://www.linux-pam.org/Linux-PAM-html/mwg-expected-by-module-item.html#mwg-pam_conv
That doesn't really seem worthy of an error that causes the connection to fail.
It seems like it would be better to log PAM_TEXT_INFO messages with MXS_NOTICE or MXS_INFO instead of MXS_ERROR, and then also return PAM_SUCCESS, so it doesn't count as a failure.
Attachments
Issue Links
- relates to
-
MDEV-19440 Log PAM_ERROR_MSG and PAM_TEXT_INFO messages types in PAM conversation function
-
- Open
-
-
-
- Closed
-