October 4th, 2005, 10:28 AM
PAM, SQL, NSS Theoretical Questions
Well I thought I would put this up before I went to work today, see what comes up..
I have a server running snort, apache, bind, sshd and squid. Users are permitted to log in via ssh to manage their webspace, domain redirections, and shell accounts. Eventually I would like to have squid available via password authentication as well.
This is a Slackware 10.1 system, and therefore does not include PAM support. Now unless I have missed something, PAM support is installed correctly. Everything appears to be working correctly.
...need more coffee...
I first installed the PAM libraries, then recompiled and installed both util-linux and shadow, in that order. There are some packages included in util-linux for which I want to use the version built by the shadow suite. As far as I can tell, PAM support is fully functional at this point.
I am currently trying to install mysql support for nss, and have had limited success with it, although I believe my problems are coming from database table structures and grant permissions, rather than a faulty install. I know the mysql nss routines are being called, and the user information is read from the database. IIRC, the password is also read. (I haven't stared at the strace output now for a couple of days). It will not authenticate, however, although I am quite sure that it identifies requests as valid users when they exist. The script used to create the tables for the database is taken directly from the included example script; the grant statements used to assign table permissions as well.
As well as having ssh authenticate passwords from a mysql database, which does not require any PAM modules, I would also like to have other applications authenticate from the same database, such as apache, named, and possibly squid. I know Apache has a mod_auth_pam module, but I have not attempted to install it yet.
Eventually additional services may be added which would support authentication from the same password database. Note that this is primarily an academic exercise. I am aware that ldap would be a lot easier to install and configure, however that is not the point. Eventually I would like all my services to authenticate user requests, and themselves, via the use of PAM and a remote sql database.
Attached are configuration files which may be relevant. Has anyone here ever seen or done anything like this before? Although I do not have a specific question, I am dealing with a couple of problems presented here... just generally looking for ideas and advice from those who know more than me (c'mon, there's gotta be at least 2 of you out there somewhere...).
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError