MariaDB Documentation improvements (MDEV-6881)

[MDEV-8304] Update the MariaDB PAM plugin documentation Created: 2015-06-11  Updated: 2017-05-30  Resolved: 2017-05-30

Status: Closed
Project: MariaDB Server
Component/s: Documentation
Affects Version/s: 5.5.44, 10.0.19
Fix Version/s: N/A

Type: Technical task Priority: Major
Reporter: Stoykov (Inactive) Assignee: Sergei Golubchik
Resolution: Fixed Votes: 0
Labels: pam, pam_fprintd
Environment:

Linux


 Description   

Please state at the PAM Configuration section at
https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
to avoid using the pam_fprintd.so at the /etc/pam.conf , but instead an alternative would be to use pam_fprint.so

Root Cause
 
MariaDB invokes the PAM plugin, which invokes libpam.so, that invokes pam_fprintd.so, here the
 
crash occurs.
 
A change in an errata seems to have changed the behaviour of the applications stack. pam_fprintd,
 
where the crash occurred, is not now, nor has it even been multi-use thread-safe. The errata was
 
delivered to fix issues with the old versions for the normal use case, this behaviour needed to be
 
fixed. Fixing these cases did break the behaviour of the stack in use here with Mariadb (which uses
 
pam_fprintd in multi-use/thread-safe contexts, while it is not safe for that use).
 
So it was never garanted that pam_fprintd would work in multi-use/thread-safe. Now other
 
scenarios were fixed in a way, which has this setup no longer working.
 
To get pam_fprintd working in these multi-use/thread-safe contexts massive changes are required,
 
to heavy for RHEL6.
 
It is recommended to not use the PAM system from applications not running with root permissions.


Generated at Thu Feb 08 07:26:09 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.