[#MDEV-19440] Log PAM_ERROR_MSG and PAM_TEXT_INFO messages types in PAM conversation function

[MDEV-19440] Log PAM_ERROR_MSG and PAM_TEXT_INFO messages types in PAM conversation function Created: 2019-05-10 Updated: 2023-11-30
Status:	Open
Project:	MariaDB Server
Component/s:	Authentication and Privilege System, Plugin - pam
Fix Version/s:	None

Type:

New Feature

Priority:

Major

Reporter:

Geoff Montee (Inactive)

Assignee:

Sergei Golubchik

Resolution:

Unresolved

Votes:

Labels:

None

Issue Links:

Relates
relates to	~~MXS-2479~~	Don't throw error for PAM_TEXT_INFO i...	Closed

Description

The PAM authentication plugin's conversation function may be throwing away some information that may be useful for diagnostic purposes because it does not seem to log messages of the following types:

PAM_ERROR_MSG
Display an error message.

PAM_TEXT_INFO
Display some text.

http://www.linux-pam.org/Linux-PAM-html/mwg-expected-by-module-item.html#mwg-pam_conv

See here:

https://github.com/MariaDB/server/blob/mariadb-10.4.4/plugin/auth_pam/auth_pam_base.c#L63

I think it might always make sense to log messages of the type PAM_ERROR_MSG.

Maybe it could be optional to log messages of the type PAM_TEXT_INFO. Would it make sense to base that on log_warnings? Or maybe on another new system variable defined by the plugin? Like pam_log_text_info or something?

Generated at Thu Feb 08 08:51:43 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-19440] Log PAM_ERROR_MSG and PAM_TEXT_INFO messages types in PAM conversation function Created: 2019-05-10 Updated: 2023-11-30