Bug 654393 - Error retrieving the AUTHTOK
Summary: Error retrieving the AUTHTOK
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: pam_mysql
Version: el5
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Paul P Komkoff Jr
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-17 18:49 UTC by filipe.veloza
Modified: 2017-04-06 10:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-06 10:27:50 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description filipe.veloza 2010-11-17 18:49:23 UTC 
Description of problem:
When pam_mysql tries to retrieve pam's AUTHTOKEN, returns either (null) or "^H ^M^?INCORRECT"

Version-Release number of selected component (if applicable):
pam_mysql-0.7-0.4.rc1.el5.2.src.rpm

How reproducible:
 * Install the pam_mysql module according to instructions
 * Activate module on pam.d/system-auth
auth       sufficient     pam_mysql.so user=XXXXXX_pam passwd=XXXXXXX host=localhost db=XXXXXXX table=XXXXX usercolumn=name passwdcolumn=passwd verbose=1 disconnect_every_op=1 crypt=0 use_first_pass=1 try_first_pass=0
 * Login to the system
 * Check log on /var/log/secure
Steps to Reproduce:
1.
2.
3.
  
Actual results:
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option verbose is set to "1"
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option disconnect_every_op is set to "1"
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option crypt is set to "0"
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option use_first_pass is set to "1"
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option try_first_pass is set to "0"
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_close_db() called.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_sm_authenticate() called.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - Error retrieving the password PAM_SUCCESS [ ^H ^M^?INCORRECT ].
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_open_db() called.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_open_db() returning 0.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_check_passwd(XXXXXX,^H ^M^?INCORRECT) called.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_format_string() called
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_quick_escape() called.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - SELECT passwd FROM pam_users WHERE name = 'XXXXXXX'
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - SELECT returned no result.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_check_passwd() returning 1.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_sql_log() called.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_sql_log() returning 0.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_close_db() called.
Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_sm_authenticate() returning 10.


Expected results:


Additional info:
This output is a result of the following path, so the actual password can be seen :
--- pam_mysql-0.7RC1/pam_mysql.c        2006-01-09 11:35:59.000000000 +0100
+++ pam_mysql-0.7RC1_NEW/pam_mysql_passwd.c     2010-11-17 14:55:27.000000000 +0100
@@ -2566,7 +2566,7 @@
        int vresult;

        if (ctx->verbose) {
-               syslog(LOG_AUTHPRIV | LOG_ERR, PAM_MYSQL_LOG_PREFIX "pam_mysql_check_passwd() called.");
+               syslog(LOG_AUTHPRIV | LOG_ERR, PAM_MYSQL_LOG_PREFIX "pam_mysql_check_passwd(%s,%s) called.", user, passwd);
        }

        /* To avoid putting a plain password in the MySQL log file and on
Comment 1 Fedora End Of Life 2017-04-06 10:27:50 UTC 
Fedora EPEL 5 changed to end-of-life (EOL) status on 2017-03-31. Fedora EPEL 5
is no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Fedora
or Fedora EPEL, please feel free to reopen this bug against that version. If
you are unable to reopen this bug, please file a new report against the current
release. If you experience problems, please add a comment to this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Note You need to log in before you can comment on or make changes to this bug.