[Debian] libpam-mysql


Marsh Posted on 09-01-2007 at 23:26:27

I have a question about this PAM module on Debian Sarge. Has anyone already managed to get it working with encrypted passwords?

I have an installation that works with plaintext passwords, but if I follow the procedure from the documentation:
 

Code :
  crypt (0)
      Specifies the method to encrypt the user's password:
          * 0 (or "plain") = No encryption. Passwords stored in plaintext. HIGHLY DISCOURAGED.
          * 1 (or "Y") = Use crypt(3) function
          * 2 (or "mysql") = Use MySQL PASSWORD() function. It is possible that the encryption function used by pam-mysql is different from that of the MySQL server, as pam-mysql uses the function defined in MySQL's C-client API instead of using PASSWORD() SQL function in the query.
          * 3 (or "md5") = Use MySQL MD5() function
  md5 (false)
      If set to "true", use MD5 by default for crypt(3) hash. Only meaningful when crypt is set to "Y".


 
I have tested all the possibilities... And I find very little information on the subject on the net.
Thanks  :jap:


Marsh Posted on 10-01-2007 at 10:12:52

I use it for SASL authentication
the password is encrypted in md5


Marsh Posted on 10-01-2007 at 17:42:25

Could you kindly pass me your config files?


Marsh Posted on 10-01-2007 at 17:49:15

I'll post them tonight when I'm home
but for info, you are indeed trying to do SASL authentication with Postfix, or not at all?


Marsh Posted on 10-01-2007 at 18:43:18

thank you :)
and in the MySQL database, did you just use the md5() function?


Marsh Posted on 10-01-2007 at 22:44:48

on a Debian
with the testing packages
 

Code :
/etc/pam.d/smtp:
  auth       required     pam_nologin.so
  auth       required     pam_mysql.so user=postfix passwd=xxx host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
  #auth       required     pam_unix.so
  auth       required     pam_env.so # [1]
  account       sufficient   pam_mysql.so user=postfix passwd=xxxx host=localhost db=postfix table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1
  account    required     pam_unix.so


 
 

Code :
/etc/init.d/saslauthd:
  #! /bin/sh
  ### BEGIN INIT INFO
  # Provides:          saslauthd
  # Required-Start:    $local_fs $remote_fs
  # Required-Stop:     $local_fs $remote_fs
  # Default-Start:     2 3 4 5
  # Default-Stop:      S 0 1 6
  # Short-Description: saslauthd startup script
  # Description:       This script starts the saslauthd daemon. It is
  #                    configured using the file /etc/default/saslauthd.
  ### END INIT INFO
  # Author: Fabian Fagerholm <fabbe@debian.org>
  #
  # Based on previous work by Dima Barsky.
  # Do NOT "set -e"
  # PATH should only include /usr/* if it runs after the mountnfs.sh script
  PATH=/usr/sbin:/usr/bin:/sbin:/bin
  DESC="SASL Authentication Daemon"
  NAME=saslauthd
  DAEMON=/usr/sbin/$NAME
  DAEMON_ARGS=""
  SCRIPTNAME=/etc/init.d/$NAME
  FALLBACK_RUN_DIR=/var/run/$NAME
  EXIT_ERROR_CODE=1
  # Exit if the daemon is not installed
  test -x "$DAEMON" || exit 0
  # Read configuration variable file if it is present
  [ -r /etc/default/$NAME ] && . /etc/default/$NAME
  # Load the VERBOSE setting and other rcS variables
  [ -f /etc/default/rcS ] && . /etc/default/rcS
  # Define LSB log_* functions.
  # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
  . /lib/lsb/init-functions
  # Determine run directory and pid file location by looking for an -m option.
  RUN_DIR=`echo "$OPTIONS" | xargs -n 1 echo | sed -n '/^-m$/{n;p}'`
  if [ -z "$RUN_DIR" ]; then
        # No run directory defined in defaults file, use fallback
        RUN_DIR=$FALLBACK_RUN_DIR
  fi
  PIDFILE=$RUN_DIR/saslauthd.pid
  # If the daemon is not enabled, give the user a warning and then exit,
  # unless we are stopping the daemon
  if [ "$START" != "yes" -a "$1" != "stop" ]; then
        log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
        exit 0
  fi
  # If no mechanisms are defined, log this and exit
  if [ -z "$MECHANISMS" ]; then
        log_failure_msg "No mechanisms defined in /etc/default/$NAME," \
                    "not starting $NAME"
        exit $EXIT_ERROR_CODE
  fi
  # If there are mechanism options defined, prepare them for use with the -O flag
  if [ -n "$MECH_OPTIONS" ]; then
        MECH_OPTIONS="-O $MECH_OPTIONS"
  fi
  # If there is a threads option defined, prepare it for use with the -n flag
  if [ -n "$THREADS" ]; then
        THREAD_OPTIONS="-n $THREADS"
  fi
  # Construct argument string
  DAEMON_ARGS="$DAEMON_ARGS -a $MECHANISMS $MECH_OPTIONS $OPTIONS $THREAD_OPTIONS"
  #
  # Function that creates a directory with the specified
  # ownership and permissions
  #
  createdir()
  {
  # $1 = user
  # $2 = group
  # $3 = permissions (octal)
  # $4 = path to directory
        # In the future, use -P/-Z to have SE Linux enhancement.
        install -d --group="$2" --mode="$3" --owner="$1" "$4"
  }
  #
  # Function that starts the daemon/service
  #
  do_start()
  {
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        if dpkg-statoverride --list $RUN_DIR > /dev/null; then
              dir=`dpkg-statoverride --list $RUN_DIR`
        fi
        test -z "$dir" || createdir $dir
        start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
              --exec $DAEMON --test > /dev/null \
              || return 1
        start-stop-daemon --start --quiet --pidfile $PIDFILE --name $NAME \
              --exec $DAEMON -- $DAEMON_ARGS \
              || return 2
        # Add code here, if necessary, that waits for the process to be ready
        # to handle requests from services started subsequently which depend
        # on this one.  As a last resort, sleep for some time.
  }
  #
  # Function that stops the daemon/service
  #
  do_stop()
  {
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
              --pidfile $PIDFILE --name $NAME
        RETVAL="$?"
        [ "$RETVAL" = 2 ] && return 2
        # Wait for children to finish too if this is a daemon that forks
        # and if the daemon is only ever run from this initscript.
        # If the above conditions are not satisfied then add some other code
        # that waits for the process to drop all resources that could be
        # needed by services started subsequently.  A last resort is to
        # sleep for some time.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 \
              --exec $DAEMON
        [ "$?" = 2 ] && return 2
        # Many daemons don't delete their pidfiles when they exit.
        rm -f $PIDFILE
        return "$RETVAL"
  }
  #
  # Function that sends a SIGHUP to the daemon/service
  #
  do_reload() {
        #
        # If the daemon can reload its configuration without
        # restarting (for example, when it is sent a SIGHUP),
        # then implement that here.
        #
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE \
              --name $NAME
        return 0
  }
  case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
              0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
              1) [ "$VERBOSE" != no ] && log_progress_msg "(already running)" && \
                                         log_end_msg 0 ;;
              2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
              0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
              1) [ "$VERBOSE" != no ] && log_progress_msg "(not running)" && \
                                         log_end_msg 0 ;;
              2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        #log_daemon_msg "Reloading $DESC" "$NAME"
        #do_reload
        #log_end_msg $?
        #;;
    restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
          0|1)
              do_start
              case "$?" in
                    0) log_end_msg 0 ;;
                    1) log_end_msg 1 ;; # Old process is still running
                    *) log_end_msg 1 ;; # Failed to start
              esac
              ;;
          *)
              # Failed to stop
              log_end_msg 1
              ;;
        esac
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
  esac
  :


 
 
 

Code :
/etc/default/saslauthd:
  #
  # Settings for saslauthd daemon
  #
  # Should saslauthd run automatically on startup? (default: no)
  START=yes
  # Which authentication mechanisms should saslauthd use? (default: pam)
  #
  # Available options in this Debian package:
  # getpwent  -- use the getpwent() library function
  # kerberos5 -- use Kerberos 5
  # pam       -- use PAM
  # rimap     -- use a remote IMAP server
  # shadow    -- use the local shadow password file
  # sasldb    -- use the local sasldb database file
  # ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
  #
  # Only one option may be used at a time. See the saslauthd man page
  # for more information.
  #
  # Example: MECHANISMS="pam"
  MECHANISMS="pam"
  # Additional options for this mechanism. (default: none)
  # See the saslauthd man page for information about mech-specific options.
  MECH_OPTIONS=""
  # How many saslauthd processes should we run? (default: 5)
  # A value of 0 will fork a new process for each connection.
  THREADS=5
  # Other options (default: -c)
  # See the saslauthd man page for information about these options.
  #
  # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
  # Note: See /usr/share/doc/sasl2-bin/README.Debian
  OPTIONS="-c -r -m /var/spool/postfix/var/run/saslauthd"


saslauthd
---------
 
Using saslauthd with Postfix:
 
 If you run a chrooted server such as Postfix and wish to use saslauthd, you
 must place the saslauthd socket ("mux") inside the Postfix chroot. You must
 also set correct overrides for the run directory inside the chroot, using
 dpkg-statoverride. Finally, you must add the postfix user to the sasl group.
 These steps ensure that the Debian subsystems know how you want things to be
 laid out.
 
 To place the saslauthd socket inside the Postfix chroot, edit
 /etc/default/saslauthd and set OPTIONS like this (you may omit -c):
  OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
 
 To set the run directory using dpkg-statoverride, run this command as root:
  dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd
 
 Finally, to add the postfix user to the sasl group:
  adduser postfix sasl
 
 The init script will automatically create the run directory with the
 permissions you have set using dpkg-statoverride. Please note that you must
 also configure Postfix correctly. There are many options related to SASL. See
 the Postfix documentation for how to do this.
 
 -- Fabian Fagerholm <fabbe@debian.org>, Tue, 14 Nov 2006 14:21:50 +0200
 

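Added example, not part of the original thread and not pam-mysql's own code: a small check that compares the `crypt=` option on a `pam_mysql.so` line with the format of the values stored in the password column, since a mismatch between the two is a common reason hashed passwords fail to verify. With `crypt=1`, for instance, a column filled by MySQL's MD5() (32 hex characters) is not a crypt(3) string and will not match. The format patterns are heuristics, the function names are hypothetical, and the sample column values are constructed.

```python
import hashlib
import re

# crypt= values and aliases, as listed in the documentation excerpt quoted in the thread.
CRYPT_ALIASES = {"0": 0, "plain": 0, "1": 1, "y": 1, "2": 2, "mysql": 2, "3": 3, "md5": 3}
B64 = r"[./0-9A-Za-z]"
# Heuristic patterns (assumption): (regex, label, crypt= value able to verify it).
FORMATS = [
    (re.compile(r"^\$[0-9a-z]+\$" + B64 + r"{1,16}\$" + B64 + r"+$"), "crypt(3) modular", 1),
    (re.compile("^" + B64 + "{13}$"), "crypt(3) DES", 1),
    (re.compile(r"^\*[0-9A-F]{40}$"), "MySQL PASSWORD() 4.1+", 2),
    (re.compile(r"^[0-9a-f]{16}$"), "MySQL PASSWORD() pre-4.1", 2),
    (re.compile(r"^[0-9a-f]{32}$"), "MD5() hex", 3),
]

def classify(stored):
    """Guess the storage format of one password-column value."""
    for pattern, label, crypt in FORMATS:
        if pattern.match(stored):
            return label, crypt
    return "plaintext (or unknown)", 0

def pam_mysql_options(line):
    """Return the key=value arguments of a pam_mysql.so line, or None."""
    fields = line.split("#", 1)[0].split()
    if "pam_mysql.so" not in fields:
        return None
    args = fields[fields.index("pam_mysql.so") + 1:]
    return dict(a.split("=", 1) for a in args if "=" in a)

def check(line, stored_values):
    """Return (configured crypt value, formats it cannot verify)."""
    opts = pam_mysql_options(line)
    if opts is None:
        raise ValueError("not a pam_mysql.so line")
    configured = CRYPT_ALIASES[opts.get("crypt", "0").lower()]  # documented default: 0
    found = [classify(v) for v in stored_values]
    return configured, [f for f in found if f[1] != configured]

# The auth line from the thread, and constructed column values (not real hashes).
PAM_LINE = ("auth required pam_mysql.so user=postfix passwd=xxx host=localhost "
            "db=postfix table=mailbox usercolumn=username passwdcolumn=password "
            "crypt=1 md5=1")
SAMPLE = ["$1$Qx3k9aLm$" + "A" * 22, hashlib.md5(b"secret").hexdigest(), "secret"]

if __name__ == "__main__":
    configured, problems = check(PAM_LINE, SAMPLE)
    for label, needed in problems:
        print("cannot verify:", label, "-> would need crypt=%d" % needed)
```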

Marsh Posted on 10-01-2007 at 22:46:09

With the testing packages? The ones from stable didn't work?

Thanks in any case for this info :)  :hello:  :jap:

Message edited by clockover on 10-01-2007 at 22:47:35

Marsh Posted on 10-01-2007 at 22:46:59

clockover wrote:

With the testing packages? The ones from stable didn't work?



I haven't tried
but in principle yes
 
 


Marsh Posted on 10-01-2007 at 22:48:10

oki :) :hello:
