libpam-pgsql is not working

G
  • 4 Mar '14

Hello everyone,

For reasons I cannot work out, I am unable to authenticate users through the PAM module libpam-pgsql. At first I thought the module might not be working at all, but according to tcpdump some kind of dialogue is taking place...

If anyone has won a similar war with PAM, please take a look below.

PS: this is happening on Debian GNU/Linux testing (jessie), and also on wheezy.

PPS: All of this is being done in order to authenticate samba users through a DB. If you know of an alternative, perhaps better, way to do this, please share your wisdom.

# dpkg -l postgresql-9.3
ii  postgresql-9.3                                        9.3.2-1                         amd64
# dpkg -l libpam-pgsql
ii  libpam-pgsql                                          0.7.3.1-4                       amd64
# cat /etc/pam.d/pam_tst 
auth     required    /lib/security/pam_pgsql.so
# cat /etc/pam_pgsql.conf 
host = 127.0.0.1
port = 5432
database = tutorial
user = tutorial
password = tutorial
table = reg_account
user_column = user
pwd_column = passwd
pw_type = clear
debug = 1
tutorial=> select * from reg_account;
 id |       user       |   passwd    |               comment               |  email  | enabled 
  1 | pam_tst          | 123         | Pam Auth Test User                  | a@b.com | t
# pamtester pam_tst pam_tst authenticate
Password: 
pamtester: User not known to the underlying authentication module
# tcpdump -vni lo port 5432
10:40:43.453010 IP (tos 0x0, ttl 64, id 56634, offset 0, flags [DF], proto TCP (6), length 60)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [S], cksum 0xfe30 (incorrect -> 0x7feb), seq 1494653516, win 43690, options [mss 65495,sackOK,TS val 279725942 ecr 0,nop,wscale 7], length 0
10:40:43.453039 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [S.], cksum 0xfe30 (incorrect -> 0x5bcd), seq 460959857, ack 1494653517, win 43690, options [mss 65495,sackOK,TS val 279725942 ecr 279725942,nop,wscale 7], length 0
10:40:43.453062 IP (tos 0x0, ttl 64, id 56635, offset 0, flags [DF], proto TCP (6), length 52)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [.], cksum 0xfe28 (incorrect -> 0x2e12), ack 1, win 342, options [nop,nop,TS val 279725942 ecr 279725942], length 0
10:40:43.453102 IP (tos 0x0, ttl 64, id 56636, offset 0, flags [DF], proto TCP (6), length 60)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [P.], cksum 0xfe30 (incorrect -> 0x12f9), seq 1:9, ack 1, win 342, options [nop,nop,TS val 279725942 ecr 279725942], length 8
10:40:43.453118 IP (tos 0x0, ttl 64, id 63236, offset 0, flags [DF], proto TCP (6), length 52)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [.], cksum 0xfe28 (incorrect -> 0x2e0a), ack 9, win 342, options [nop,nop,TS val 279725942 ecr 279725942], length 0
10:40:43.453602 IP (tos 0x0, ttl 64, id 63237, offset 0, flags [DF], proto TCP (6), length 53)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [P.], cksum 0xfe29 (incorrect -> 0xdb00), seq 1:2, ack 9, win 342, options [nop,nop,TS val 279725942 ecr 279725942], length 1
10:40:43.453626 IP (tos 0x0, ttl 64, id 56637, offset 0, flags [DF], proto TCP (6), length 52)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [.], cksum 0xfe28 (incorrect -> 0x2e09), ack 2, win 342, options [nop,nop,TS val 279725942 ecr 279725942], length 0
10:40:43.457009 IP (tos 0x0, ttl 64, id 56638, offset 0, flags [DF], proto TCP (6), length 277)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [P.], cksum 0xff09 (incorrect -> 0x4056), seq 9:234, ack 2, win 342, options [nop,nop,TS val 279725943 ecr 279725942], length 225
10:40:43.461482 IP (tos 0x0, ttl 64, id 63238, offset 0, flags [DF], proto TCP (6), length 1381)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [P.], cksum 0x035a (incorrect -> 0x6dd8), seq 2:1331, ack 234, win 350, options [nop,nop,TS val 279725944 ecr 279725943], length 1329
10:40:43.461566 IP (tos 0x0, ttl 64, id 56639, offset 0, flags [DF], proto TCP (6), length 52)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [.], cksum 0xfe28 (incorrect -> 0x2549), ack 1331, win 1024, options [nop,nop,TS val 279725944 ecr 279725944], length 0
10:40:43.464080 IP (tos 0x0, ttl 64, id 56640, offset 0, flags [DF], proto TCP (6), length 250)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [P.], cksum 0xfeee (incorrect -> 0x3938), seq 234:432, ack 1331, win 1024, options [nop,nop,TS val 279725945 ecr 279725944], length 198
10:40:43.465558 IP (tos 0x0, ttl 64, id 63239, offset 0, flags [DF], proto TCP (6), length 286)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [P.], cksum 0xff12 (incorrect -> 0x0cac), seq 1331:1565, ack 432, win 359, options [nop,nop,TS val 279725945 ecr 279725945], length 234
10:40:43.465751 IP (tos 0x0, ttl 64, id 56641, offset 0, flags [DF], proto TCP (6), length 158)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [P.], cksum 0xfe92 (incorrect -> 0x893b), seq 432:538, ack 1565, win 1024, options [nop,nop,TS val 279725945 ecr 279725945], length 106
10:40:43.466437 IP (tos 0x0, ttl 64, id 63240, offset 0, flags [DF], proto TCP (6), length 142)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [P.], cksum 0xfe82 (incorrect -> 0xcd38), seq 1565:1655, ack 538, win 359, options [nop,nop,TS val 279725945 ecr 279725945], length 90
10:40:43.466581 IP (tos 0x0, ttl 64, id 56642, offset 0, flags [DF], proto TCP (6), length 158)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [P.], cksum 0xfe92 (incorrect -> 0xdf0c), seq 538:644, ack 1655, win 1024, options [nop,nop,TS val 279725946 ecr 279725945], length 106
10:40:43.467436 IP (tos 0x0, ttl 64, id 63241, offset 0, flags [DF], proto TCP (6), length 446)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [P.], cksum 0xffb2 (incorrect -> 0x6481), seq 1655:2049, ack 644, win 359, options [nop,nop,TS val 279725946 ecr 279725946], length 394
10:40:43.467615 IP (tos 0x0, ttl 64, id 56643, offset 0, flags [DF], proto TCP (6), length 222)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [P.], cksum 0xfed2 (incorrect -> 0x6df2), seq 644:814, ack 2049, win 1024, options [nop,nop,TS val 279725946 ecr 279725946], length 170
10:40:43.468680 IP (tos 0x0, ttl 64, id 63242, offset 0, flags [DF], proto TCP (6), length 190)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [P.], cksum 0xfeb2 (incorrect -> 0xa487), seq 2049:2187, ack 814, win 367, options [nop,nop,TS val 279725946 ecr 279725946], length 138
10:40:43.468808 IP (tos 0x0, ttl 64, id 56644, offset 0, flags [DF], proto TCP (6), length 126)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [P.], cksum 0xfe72 (incorrect -> 0x80ac), seq 814:888, ack 2187, win 1024, options [nop,nop,TS val 279725946 ecr 279725946], length 74
10:40:43.468843 IP (tos 0x0, ttl 64, id 56645, offset 0, flags [DF], proto TCP (6), length 89)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [P.], cksum 0xfe4d (incorrect -> 0x1d96), seq 888:925, ack 2187, win 1024, options [nop,nop,TS val 279725946 ecr 279725946], length 37
10:40:43.468919 IP (tos 0x0, ttl 64, id 56646, offset 0, flags [DF], proto TCP (6), length 52)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [F.], cksum 0xfe28 (incorrect -> 0x1f39), seq 925, ack 2187, win 1024, options [nop,nop,TS val 279725946 ecr 279725946], length 0
10:40:43.468996 IP (tos 0x0, ttl 64, id 63243, offset 0, flags [DF], proto TCP (6), length 89)
    127.0.0.1.5432 > 127.0.0.1.50310: Flags [P.], cksum 0xfe4d (incorrect -> 0xa292), seq 2187:2224, ack 926, win 367, options [nop,nop,TS val 279725946 ecr 279725946], length 37
10:40:43.469042 IP (tos 0x0, ttl 64, id 63511, offset 0, flags [DF], proto TCP (6), length 40)
    127.0.0.1.50310 > 127.0.0.1.5432: Flags [R], cksum 0xe11e (correct), seq 1494654442, win 0, length 0
^C
23 packets captured
46 packets received by filter
0 packets dropped by kernel
G
  • 8 Mar '14

Hello,

A follow-up to my question, i.e. the answer.

My problem was the column name in the DB. It turns out that "user" is reserved for other purposes in PostgreSQL. So:

tutorial=# CREATE TABLE test1 (id serial, user text, pass text);
ERROR:  syntax error at or near "user"
LINE 1: CREATE TABLE test1 (id serial, user text, pass text);
                                       ^

Nevertheless, when wrapped in quotes, such a column name can be used:

tutorial=# CREATE TABLE test2 (id serial, "user" text, pass text);
NOTICE:  CREATE TABLE will create implicit sequence "test2_id_seq" for serial column "test2.id"
CREATE TABLE

Since my tables were created by django, I did not even notice this at first.

So the user_column directive in pam_pgsql.conf also needs to be given in quotes:

user_column = "user"

And everything just starts working

# pamtester pam_tst pam_tst authenticate
Password: 
pamtester: successfully authenticated
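
An added check, not part of the posts above and not pam-pgsql code: it scans pam_pgsql.conf text for the table and column directives shown in the first post and reports values that PostgreSQL would not read as the intended identifier when left unquoted, either a reserved word (unquoted user in a WHERE clause is the keyword equivalent to current_user, not a column) or, going one step beyond the case in the thread, a mixed-case name. The function names are hypothetical and the reserved-word set is a deliberately small subset of PostgreSQL's list.

```python
# Subset of PostgreSQL reserved key words (assumption: not the full list).
RESERVED = {
    "all", "and", "as", "check", "column", "current_user", "default", "end",
    "from", "group", "in", "limit", "not", "null", "offset", "on", "or",
    "order", "primary", "references", "select", "session_user", "table",
    "to", "user", "where",
}
# Directives from the page's pam_pgsql.conf whose values are SQL identifiers.
IDENT_KEYS = ("table", "user_column", "pwd_column")


def parse_conf(text):
    """Return {key: value} for every 'key = value' line."""
    conf = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def quote_ident(name):
    """Double-quote an identifier, doubling any embedded double quotes."""
    return '"' + name.replace('"', '""') + '"'


def check_identifiers(text):
    """Return [(key, value, suggestion, reason)] for values needing quotes."""
    findings = []
    conf = parse_conf(text)
    for key in IDENT_KEYS:
        value = conf.get(key)
        if value is None or "." in value:
            continue  # absent, or schema-qualified (not handled here)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            continue  # already double-quoted
        if value.lower() in RESERVED:
            reason = "reserved word"
        elif value != value.lower():
            reason = "folded to lower case when unquoted"
        else:
            continue
        findings.append((key, value, quote_ident(value), reason))
    return findings


# Constructed sample: the identifier directives from the first post.
SAMPLE = "table = reg_account\nuser_column = user\npwd_column = passwd\n"

if __name__ == "__main__":
    for key, value, fix, reason in check_identifiers(SAMPLE):
        print(f"{key} = {value}  ->  {key} = {fix}  ({reason})")
```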