[#MDEV-31422] FR: enable pam_debug in all builds, not just debug

[MDEV-31422] FR: enable pam_debug in all builds, not just debug Created: 2023-06-07 Updated: 2023-06-27
Status:	Open
Project:	MariaDB Server
Component/s:	None
Fix Version/s:	None

Type:

Task

Priority:

Major

Reporter:

Hartmut Holzgraefe

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

None

Issue Links:

Relates

Description

We had several cases by now where the pam_debug output would have been useful to figure out auth_pam setup problems on the PAM side, but this functionality is only available in debug builds.

As the space and performance overhead of these few PAM debug messages are rather minimal, and only get evaluated once per connection attempt, I don't see a problem with having these compiled into regular releases so that we can make use of pam_debug without getting a debug build of the auth_pam.so / auth_pam_v1.so first.

Comments

Comment by Sergei Golubchik [ 2023-06-27 ]

the problem is that it dumps all the authentication info, including password, tokens, everything, into the log.
this might be essential for debugging the authentication problems, so it cannot mask the data.
but might be not desirable to have this functionality readily available in all builds.

Generated at Thu Feb 08 10:23:45 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-31422] FR: enable pam_debug in all builds, not just debug Created: 2023-06-07 Updated: 2023-06-27