[Solved] Problem with PAM authentication for OpenVPN
The contents of the openvpn file are as follows:
# cat /etc/pam.d/openvpn
auth sufficient pam_mysql.so user=root passwd=root host=localhost db=vpn \
table=vpnuser usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=root passwd=root host=localhost db=vpn \
table=vpnuser usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=2
auth optional pam_stack.so service=system-auth
auth optional pam_nologin.so
password required pam_stack.so service=system-auth
Both the database and local users can be used.
When testing with testsaslauthd, system users work, but for user names in the database this is what happens:
# testsaslauthd -u root -p aiying -s openvpn
0: OK "Success."
# testsaslauthd -u elm -p elm -s openvpn
size read failed
0:
What is the problem here?
[ This post was last edited by badb0y on 2008-7-23 10:05 ]
《Solution》
/var/log/message
There doesn't seem to be anything wrong in it either,
# cat /var/log/messages
Jul 22 03:15:04 localhost openvpn: pam_sm_authenticate called.
Jul 22 03:15:04 localhost openvpn: dbuser changed.
Jul 22 03:15:04 localhost openvpn: dbpasswd changed.
Jul 22 03:15:04 localhost openvpn: host changed.
Jul 22 03:15:04 localhost openvpn: database changed.
Jul 22 03:15:04 localhost openvpn: table changed.
Jul 22 03:15:04 localhost openvpn: usercolumn changed.
Jul 22 03:15:04 localhost openvpn: passwdcolumn changed.
Jul 22 03:15:04 localhost openvpn: where changed.
Jul 22 03:15:04 localhost openvpn: sqllog changed.
Jul 22 03:15:04 localhost openvpn: crypt changed.
Jul 22 03:15:04 localhost openvpn: db_connect called.
Jul 22 03:15:04 localhost openvpn: returning 0 .
Jul 22 03:15:04 localhost openvpn: db_checkpasswd called.
Jul 22 03:15:04 localhost openvpn: pam_mysql: where clause = active=1
Jul 22 03:15:04 localhost openvpn: SELECT password FROM vpnuser WHERE name='elm' AND (active=1)
Jul 22 03:16:34 localhost openvpn: pam_sm_authenticate called.
Jul 22 03:16:34 localhost openvpn: dbuser changed.
Jul 22 03:16:34 localhost openvpn: dbpasswd changed.
Jul 22 03:16:34 localhost openvpn: host changed.
Jul 22 03:16:34 localhost openvpn: database changed.
Jul 22 03:16:34 localhost openvpn: table changed.
Jul 22 03:16:34 localhost openvpn: usercolumn changed.
Jul 22 03:16:34 localhost openvpn: passwdcolumn changed.
Jul 22 03:16:34 localhost openvpn: where changed.
Jul 22 03:16:34 localhost openvpn: sqllog changed.
Jul 22 03:16:34 localhost openvpn: crypt changed.
Jul 22 03:16:34 localhost openvpn: db_connect called.
Jul 22 03:16:34 localhost openvpn: returning 0 .
Jul 22 03:16:34 localhost openvpn: db_checkpasswd called.
Jul 22 03:16:34 localhost openvpn: pam_mysql: where clause = active=1
Jul 22 03:16:34 localhost openvpn: SELECT password FROM vpnuser WHERE name='test3' AND (active=1)
Jul 22 04:50:06 localhost saslauthd: pam_sm_authenticate called.
Jul 22 04:50:06 localhost saslauthd: dbuser changed.
Jul 22 04:50:06 localhost saslauthd: dbpasswd changed.
Jul 22 04:50:06 localhost saslauthd: host changed.
Jul 22 04:50:06 localhost saslauthd: database changed.
Jul 22 04:50:06 localhost saslauthd: table changed.
Jul 22 04:50:06 localhost saslauthd: usercolumn changed.
Jul 22 04:50:06 localhost saslauthd: passwdcolumn changed.
Jul 22 04:50:06 localhost saslauthd: where changed.
Jul 22 04:50:06 localhost saslauthd: sqllog changed.
Jul 22 04:50:06 localhost saslauthd: crypt changed.
Jul 22 04:50:06 localhost saslauthd: db_connect called.
Jul 22 04:50:06 localhost saslauthd: returning 0 .
Jul 22 04:50:06 localhost saslauthd: db_checkpasswd called.
Jul 22 04:50:06 localhost saslauthd: pam_mysql: where clause = active=1
Jul 22 04:50:06 localhost saslauthd: SELECT password FROM vpnuser WHERE name='root' AND (active=1)
Jul 22 04:50:06 localhost saslauthd: pam_mysql: select returned more than one result
Jul 22 04:50:06 localhost saslauthd: returning 7 after db_checkpasswd.
Jul 22 04:50:06 localhost saslauthd: pam_mysql: acct_mgmt called but not implemented. Dont panic though :)
Jul 22 04:50:13 localhost saslauthd: pam_sm_authenticate called.
Jul 22 04:50:13 localhost saslauthd: dbuser changed.
Jul 22 04:50:13 localhost saslauthd: dbpasswd changed.
Jul 22 04:50:13 localhost saslauthd: host changed.
Jul 22 04:50:13 localhost saslauthd: database changed.
Jul 22 04:50:13 localhost saslauthd: table changed.
Jul 22 04:50:13 localhost saslauthd: usercolumn changed.
Jul 22 04:50:13 localhost saslauthd: passwdcolumn changed.
Jul 22 04:50:13 localhost saslauthd: where changed.
Jul 22 04:50:13 localhost saslauthd: sqllog changed.
Jul 22 04:50:13 localhost saslauthd: crypt changed.
Jul 22 04:50:13 localhost saslauthd: db_connect called.
Jul 22 04:50:13 localhost saslauthd: returning 0 .
Jul 22 04:50:13 localhost saslauthd: db_checkpasswd called.
Jul 22 04:50:13 localhost saslauthd: pam_mysql: where clause = active=1
Jul 22 04:50:13 localhost saslauthd: SELECT password FROM vpnuser WHERE name='elm' AND (active=1)
Jul 22 04:50:16 localhost saslauthd: pam_sm_authenticate called.
Jul 22 04:50:16 localhost saslauthd: dbuser changed.
Jul 22 04:50:16 localhost saslauthd: dbpasswd changed.
Jul 22 04:50:16 localhost saslauthd: host changed.
Jul 22 04:50:16 localhost saslauthd: database changed.
Jul 22 04:50:16 localhost saslauthd: table changed.
Jul 22 04:50:16 localhost saslauthd: usercolumn changed.
Jul 22 04:50:16 localhost saslauthd: passwdcolumn changed.
Jul 22 04:50:16 localhost saslauthd: where changed.
Jul 22 04:50:16 localhost saslauthd: sqllog changed.
Jul 22 04:50:16 localhost saslauthd: crypt changed.
Jul 22 04:50:16 localhost saslauthd: db_connect called.
Jul 22 04:50:16 localhost saslauthd: returning 0 .
Jul 22 04:50:16 localhost saslauthd: db_checkpasswd called.
Jul 22 04:50:16 localhost saslauthd: pam_mysql: where clause = active=1
Jul 22 04:50:16 localhost saslauthd: SELECT password FROM vpnuser WHERE name='elm' AND (active=1)
#
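As an added example (not part of the original post), the following Python groups a pam_mysql debug log like the one above into one record per authentication attempt and lists the attempts whose log stops at the SELECT with no db_checkpasswd result. The sample lines and user names are constructed, and the script assumes the attempts are not interleaved in the log.

```python
import re

# Constructed sample in the format of the pam_mysql debug log above.
SAMPLE = """\
Jul 22 04:50:06 localhost saslauthd: pam_sm_authenticate called.
Jul 22 04:50:06 localhost saslauthd: db_connect called.
Jul 22 04:50:06 localhost saslauthd: returning 0 .
Jul 22 04:50:06 localhost saslauthd: db_checkpasswd called.
Jul 22 04:50:06 localhost saslauthd: SELECT password FROM vpnuser WHERE name='alice' AND (active=1)
Jul 22 04:50:06 localhost saslauthd: pam_mysql: select returned more than one result
Jul 22 04:50:06 localhost saslauthd: returning 7 after db_checkpasswd.
Jul 22 04:50:13 localhost saslauthd: pam_sm_authenticate called.
Jul 22 04:50:13 localhost saslauthd: db_connect called.
Jul 22 04:50:13 localhost saslauthd: returning 0 .
Jul 22 04:50:13 localhost saslauthd: db_checkpasswd called.
Jul 22 04:50:13 localhost saslauthd: SELECT password FROM vpnuser WHERE name='bob' AND (active=1)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ (\S+): (.*)$")
USER = re.compile(r"WHERE \w+='([^']*)'")
RESULT = re.compile(r"returning (\d+) after db_checkpasswd")


def summarize(log_text):
    """Group lines into attempts, one per 'pam_sm_authenticate called.'."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, service, msg = m.groups()
        if msg.startswith("pam_sm_authenticate called"):
            attempts.append({"time": when, "service": service,
                             "user": None, "result": None, "notes": []})
        elif attempts:
            cur = attempts[-1]
            if (u := USER.search(msg)):
                cur["user"] = u.group(1)          # user name taken from the logged query
            elif (r := RESULT.search(msg)):
                cur["result"] = int(r.group(1))   # code logged after db_checkpasswd
            elif msg.startswith("pam_mysql:"):
                cur["notes"].append(msg[len("pam_mysql:"):].strip())
    return attempts


def unfinished(attempts):
    """Attempts whose log ends at the SELECT, with no db_checkpasswd result."""
    return [a for a in attempts if a["user"] and a["result"] is None]
```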
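《Solution》
After writing the article I regretted it a little.
I no longer recommend using PAM for authentication either; it would be better to just write a PHP script that connects to MySQL to authenticate.
《Solution》
Originally posted by wenzk on 2008-7-23 01:34
After writing the article I regretted it a little.
I no longer recommend using PAM for authentication either; it would be better to just write a PHP script that connects to MySQL to authenticate.
Moderator, what do you mean? Could you go into more detail? I'd like to try it!
Authentication works now! There are no more problems!
[ This post was last edited by badb0y on 2008-7-23 14:04 ]
《Solution》
A method similar to this: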
#!/usr/bin/perl
# Written by ELM
# wzk wenzk net
# http://www.wenzk.net
#
# POP3 Auth script for OpenVPN
# Usage:
# save this file to /etc/openvpn/ as popauth.pl
# run: chmod +x /etc/openvpn/popauth.pl
# add the next line to your OpenVPN config file
# auth-user-pass-verify /etc/openvpn/popauth.pl via-env
# restart your OpenVPN Server
use strict;
use warnings;
use Net::POP3;

# POP Server Address
my $POPHOST = "localhost";
# OpenVPN passes the credentials in the environment (via-env)
my $USERNAME = $ENV{username};
my $PASSWORD = $ENV{password};

# Reject the login if either credential is missing
exit 1 unless defined($USERNAME) && defined($PASSWORD);

# Connect to the POP3 server; reject the login if it cannot be reached
my $pop = Net::POP3->new($POPHOST, Timeout => 60) or exit 1;

# Exit 0 (accept) only when the POP3 login succeeds, otherwise 1 (reject)
my $result = defined $pop->login($USERNAME, $PASSWORD) ? 0 : 1;
$pop->quit;
exit $result;
Rewrite it in PHP instead, and have PHP connect to MySQL to do the authentication.
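A sketch of the database-backed check suggested above, as an added example that is not part of the original post and is written in Python rather than PHP. Assumptions: an in-memory SQLite table stands in for the MySQL `vpn` database, the `salt` and `pwhash` columns and the PBKDF2 scheme are hypothetical, and the rows are constructed sample data.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 100_000  # assumed PBKDF2 work factor


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify(conn, username, password):
    """Return True only for exactly one active row with a matching hash."""
    if not username or not password:
        return False
    # Placeholder binding keeps the user name out of the SQL text.
    rows = conn.execute(
        "SELECT salt, pwhash FROM vpnuser WHERE name = ? AND active = 1",
        (username,),
    ).fetchall()
    if len(rows) != 1:  # unknown user or duplicate rows: reject
        return False
    salt, stored = rows[0]
    # Constant-time comparison of the derived hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo_db():
    """Constructed in-memory table standing in for the MySQL vpn database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vpnuser (name TEXT, salt BLOB, pwhash BLOB, active INT)")
    for name, pw, active in [("elm", "s3cret", 1), ("old", "pw", 0),
                             ("dup", "a", 1), ("dup", "a", 1)]:
        salt = os.urandom(16)
        conn.execute("INSERT INTO vpnuser VALUES (?, ?, ?, ?)",
                     (name, salt, hash_password(pw, salt), active))
    return conn


def main():
    # OpenVPN (via-env) puts the credentials in these environment variables;
    # exit status 0 accepts the client, anything else rejects it.
    ok = verify(demo_db(), os.environ.get("username"), os.environ.get("password"))
    raise SystemExit(0 if ok else 1)


if __name__ == "__main__":
    main()
```

A real deployment would replace `demo_db()` with a connection to the MySQL server, made with a database account that can only read the `vpnuser` table.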
《Solution》
Reply to wenzk's post #3
I don't quite understand why you regretted it. Is the performance not good enough? Could you explain?
《Solution》
There are a lot of problems in between with PAM+Mysql; it is simpler to just implement it directly with PHP+Mysql.