Re: Getting an OpenPAM module to work on 5.0-RELEASE
On Sun, Feb 09, 2003 at 08:03:54PM +0300, Sergey Mokryshev wrote: On Sun, 9 Feb 2003, Olivier wrote: Hi, I'm trying to write a MySQL authentication PAM module to be used with Cyrus-imapd2 and salsauthd, since pam-mysql is broken wrt OpenPAM. I started from the base modules source and added mysql code in it. The problem is to get the compiled shared library to work. Hi. Try to build native auxprop saslauthd mysql module. It removes the need of extra abstraction layer (PAM) and permits SASL special authentications (CRAM-MD5, DIGEST-MD5 etc). Ah yes, I thought about that too, but this stuff isn't documented at all it seems, and I need to be able to use blowfish for password encryption, because this has to be used with some other appplcations which are using crypt() and blowfish. From what I understand the saslauthd mysql module allows only to compare the given plaintext user whith another plaintext one stored in a DB. That won't work for me. But I don't understand much of this auxprop/mysql stuff, so I am probably mistaken, and would be most pleased to get explanations about how I can do this. Actually I had patched pam_mysql (on FreeBSD 4.x when pam_mysql was still working, to be able to use blowfish correctly with FreeBSD's crypt(), but my problem is really to get an OpenPAM module to work, I even tried to simply rename the pam_permit one, but have the same problem: openpam_load_module won't find/open it now matter what... Thanks a lot for your suggestions :-) Olivier To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Getting an OpenPAM module to work on 5.0-RELEASE [SOLVED]
On Mon, Feb 10, 2003 at 12:34:32AM +0100, Dag-Erling Smorgrav wrote: Olivier [EMAIL PROTECTED] writes: I'm trying to write a MySQL authentication PAM module to be used with Cyrus-imapd2 and salsauthd, since pam-mysql is broken wrt OpenPAM. Wouldn't it be easier to fix the existing pam_mysql? Indeed, but that's what I'm doing, really (with some improvements), I took the framework of the example modules that come with the new OpenPAM and adapted the code from pam_mysql to work in it, thus following the new API. So basically I'm trying to fix pam_mysql, but the problem was to get OpenPAM to recognize and load the modules I build. It turned out that I missed a couple options for the linker in the Makefile, and thus the shared library probably couldn't be loaded. But the error message wasn't very helpful, and the linking was going fine. It's working now :-) I simply appended -L/usr/local/lib/mysql -lmysqlclient to my LDADD line in the Makefile. Oh and you were right, if I had simply modified the pam_mysql port those options would have been already in the Makefile, but some other needed to be removed too, so I avoided that trouble ;-) So I was being stupid again I guess, sorry for the trouble, this is my first time building shared libraries and such. Thanks again! Olivier To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Getting an OpenPAM module to work on 5.0-RELEASE
On Mon, Feb 10, 2003 at 01:38:13AM +0100, Dag-Erling Smorgrav wrote: Olivier Dony [EMAIL PROTECTED] writes: Actually I had patched pam_mysql (on FreeBSD 4.x when pam_mysql was still working, to be able to use blowfish correctly with FreeBSD's crypt(), but my problem is really to get an OpenPAM module to work, I even tried to simply rename the pam_permit one, but have the same problem: openpam_load_module won't find/open it now matter what... In /usr/src/contrib/openpam/lib/openpam_dynamic.c, change at least the first two instances of PAM_LOG_DEBUG to PAM_LOG_ERROR, then rebuild libpam (cd /usr/src/lib/libpam make make install) and try again. Ah, that's great, I will do that immediately, it sure will help anyway. Too bad I didn't see your second reply earlier, the openpam debug was part of the problem. OpenPAM will now log messages in /var/log/messages showing why it fails to load your module. My guess is that your module requires a library which you forgot to add to LDADD. Exactly, hehe, thank you ! :-) I definetly should have read your second mail, but I was busy playing with those funny PAM modules... Explanation in my previous reply with [SOLVED]. BTW, the PAM module makefiles in the tree aren't standalone: they rely on variables set in Makefile.inc one and two levels up. Amongst other things, they add a version number to the dynamic module, and prevent the static version from being installed. Ok, that's a good thing to know, I read most of those Makefiles but didn't pay much attention ;-) Thanks so much for your help again! Olivier To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
