Description of problem: When pam_mysql tries to retrieve pam's AUTHTOKEN, returns either (null) or "^H ^M^?INCORRECT" Version-Release number of selected component (if applicable): pam_mysql-0.7-0.4.rc1.el5.2.src.rpm How reproducible: * Install the pam_mysql module according to instructions * Activate module on pam.d/system-auth auth sufficient pam_mysql.so user=XXXXXX_pam passwd=XXXXXXX host=localhost db=XXXXXXX table=XXXXX usercolumn=name passwdcolumn=passwd verbose=1 disconnect_every_op=1 crypt=0 use_first_pass=1 try_first_pass=0 * Login to the system * Check log on /var/log/secure Steps to Reproduce: 1. 2. 3. Actual results: Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option verbose is set to "1" Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option disconnect_every_op is set to "1" Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option crypt is set to "0" Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option use_first_pass is set to "1" Nov 17 17:27:38 beta sshd[9080]: pam_mysql - option try_first_pass is set to "0" Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_close_db() called. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_sm_authenticate() called. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - Error retrieving the password PAM_SUCCESS [ ^H ^M^?INCORRECT ]. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_open_db() called. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_open_db() returning 0. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_check_passwd(XXXXXX,^H ^M^?INCORRECT) called. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_format_string() called Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_quick_escape() called. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - SELECT passwd FROM pam_users WHERE name = 'XXXXXXX' Nov 17 17:27:38 beta sshd[9080]: pam_mysql - SELECT returned no result. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_check_passwd() returning 1. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_sql_log() called. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_sql_log() returning 0. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_mysql_close_db() called. Nov 17 17:27:38 beta sshd[9080]: pam_mysql - pam_sm_authenticate() returning 10. Expected results: Additional info: This output is a result of the following path, so the actual password can be seen : --- pam_mysql-0.7RC1/pam_mysql.c 2006-01-09 11:35:59.000000000 +0100 +++ pam_mysql-0.7RC1_NEW/pam_mysql_passwd.c 2010-11-17 14:55:27.000000000 +0100 @@ -2566,7 +2566,7 @@ int vresult; if (ctx->verbose) { - syslog(LOG_AUTHPRIV | LOG_ERR, PAM_MYSQL_LOG_PREFIX "pam_mysql_check_passwd() called."); + syslog(LOG_AUTHPRIV | LOG_ERR, PAM_MYSQL_LOG_PREFIX "pam_mysql_check_passwd(%s,%s) called.", user, passwd); } /* To avoid putting a plain password in the MySQL log file and on
Fedora EPEL 5 changed to end-of-life (EOL) status on 2017-03-31. Fedora EPEL 5 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora or Fedora EPEL, please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.