Bug#405773: Mysql auth how then?

To: Peter Scott <peter@webspaces.net.nz>
Cc: 405773@bugs.debian.org
Subject: Bug#405773: Mysql auth how then?
From: Stefan Fritsch <sf@sfritsch.de>
Date: Sat, 1 Mar 2008 15:17:17 +0100
Message-id: <[🔎] 200803011517.17308.sf@sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 405773@bugs.debian.org
In-reply-to: <47C77403.9090405@webspaces.net.nz>
References: <47C716D0.3010504@webspaces.net.nz> <200802282138.48543.sf@sfritsch.de> <47C77403.9090405@webspaces.net.nz>

On Friday 29 February 2008, Peter Scott wrote:
> Ive spent 2 full days on this. I tried both suggested
> workarounds[1] and with wild and weird results.
>
> Attempting to get mod_authn_dbd to go, as per the apache2
> documentation just brought apache to a grinding halt ( does not
> recognise mod_dbd (paraphrased) load failed. Updated box which
> brought apache to 2.2.3-4+etch4 .Didnt help.

mod_authn_dbd requires mod_dbd. Maybe you did not enable mod_dbd?

It seems that this dependency information is missing in the etch 
package so that a2enmod authn_dbd would not enable mod_dbd 
automatically :-(

> libapache2-mod-auth-pam + libpam-mysql NEARLY worked, but refused
> to let mysql be authoritative even after: - specifying
> AuthBasicAuthoritative Off
> - using auth sufficient in /etc/pam.d/apache2
> - removing pam-unix includes from ditto
>
> The pam-mysql auth passes according to the logs, but then pam-unix
> stops it if there is no system account with the same username.
> Password didnt seem to matter.

I don't know much about pam, but maybe you are missing an "account" 
entry as described in /usr/share/doc/libpam-mysql/README.gz .

> Im nearly to the point of tears on this one[2], and im normally a
> robust sort. Its a moderately production box (intranet), so the
> soln has to be stable, and compatible with LAM(Php). I might be
> willing to give lenny a go if it means i can just use either
> mod_authn_dbd or mod_auth_mysql out of the box(package).

I successfully tested mod_authn_dbd in 2.2.6 with postgresql, so it 
should work in lenny. It might also work with 2.2.3 from etch if you 
load mod_dbd, but I don't know. Mod_authn_dbd also supports sqlite, 
but not mysql. 

> Which do you think is going to be the best route. How far is lenny
> away from stable? Go back to sarge? Would another db solve the
> problem? Creating a mirror dbm or flatfile? <grasps straws />

I now nothing about mod_auth_pam or mod_auth_mysql, so I can't say 
anything about it. But this is the best option if you need php with 
mysql support.

Using mod_authn_dbd with mysql is not possible currently (even in 
lenny), because this would need a change in the way php is compiled 
(and an libaprutil with mysql support, of course).

Sarge looses its security support in one month, so that's not good 
either.

Maybe putting you auth data into a sqlite database and using 
mod_authn_dbd would be an option, too.

Cheers,
Stefan

Reply to:

Prev by Date: Bug#468789: marked as done (ssl-cert configuration hangs)
Next by Date: Processed: fixed 454548 in 2.2.3-4+etch3
Previous by thread: Bug#468789: marked as done (ssl-cert configuration hangs)
Next by thread: Processed: fixed 454548 in 2.2.3-4+etch3
Index(es):
- Date
- Thread