[MDEV-17118] unknown option --pam-use-cleartext-plugin Created: 2018-09-02  Updated: 2018-09-02  Resolved: 2018-09-02

Status: Closed
Project: MariaDB Server
Component/s: Platform Debian, Plugin - pam
Fix Version/s: N/A

Type: Task Priority: Major
Reporter: Nicolas Peugnet Assignee: Sergei Golubchik
Resolution: Not a Bug Votes: 0
Labels: None


 Description   

I am trying tu use the PAM authentication plugin with my MariaDb server.
I followed these instructions and everything works fine, except the fact that I can't connect from PHP, and especially from phpMyAdmin:

 mysqli_real_connect(): The server requested authentication method unknown to the client [dialog]
 
 mysqli_real_connect(): (HY000/2054): The server requested authentication method unknown to the client

I think that the --pam_use_cleartext_plugin option would correct this error in disabling the dialog authentication plugin for PAM from what I understood of the docs : https://mariadb.com/kb/en/library/authentication-plugin-pam/#mysql-cleartext-plugin

But I get:
mysql: unknown option '--pam_use_cleartext_plugin':

nicolas@club1:~$ mysql --pam_use_cleartext_plugin
 
mysql: unknown option '--pam_use_cleartext_plugin'
 
nicolas@club1:~$ mysql
 
[mariadb] Password:
 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
 
Your MariaDB connection id is 76
 
Server version: 10.3.9-MariaDB-1:10.3.9+maria~bionic mariadb.org binary distribution
 
 
 
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
 
 
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
 
 
MariaDB [(none)]>

What am I doing wrong ?

 Comments   
Comment by Sergei Golubchik [ 2018-09-02 ]

PAM plugin is a server plugin that instructs the client to use the dialog or a mysql_cleartext_password plugin.

The manual says

one can instruct the PAM plugin to use the mysql_cleartext_password client plugin instead of the dialog plugin

Because PAM is the server plugin, you need to use --pam-use-cleartext-plugin on the server, not on the client.

Comment by Nicolas Peugnet [ 2018-09-02 ]

Thank you very much, I really thought it was a client option to ask the server to use cleartext instead of dialog.
So I added this config and restarted the server and now everything works as expected.

[mysqld]
 
pam_use_cleartext_plugin = ON

Generated at Thu Feb 08 08:34:03 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.