
[Solved] Problem with PAM authentication in OpenVPN

火星人 @ 2014-03-04, reply: 0


The contents of the openvpn file are as follows:
# cat /etc/pam.d/openvpn
auth sufficient pam_mysql.so user=root passwd=root host=localhost db=vpn \
table=vpnuser usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=root passwd=root host=localhost db=vpn \
table=vpnuser usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=2
auth       optional     pam_stack.so service=system-auth
auth       optional     pam_nologin.so
password   required     pam_stack.so service=system-auth

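Either the database or local users can be used.
When testing with testsaslauthd, system users work, but with user names from the database it comes out like this: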

# testsaslauthd -u root -p aiying -s openvpn
0: OK "Success."
# testsaslauthd -u elm -p elm -s openvpn
size read failed
0:

What is the problem here?

[ Last edited by badb0y on 2008-7-23 10:05 ]
《Solution》

/var/log/message

Nothing seems to be wrong there either,
# cat /var/log/messages
Jul 22 03:15:04 localhost openvpn: pam_sm_authenticate called.
Jul 22 03:15:04 localhost openvpn: dbuser changed.
Jul 22 03:15:04 localhost openvpn: dbpasswd changed.
Jul 22 03:15:04 localhost openvpn: host changed.
Jul 22 03:15:04 localhost openvpn: database changed.
Jul 22 03:15:04 localhost openvpn: table changed.
Jul 22 03:15:04 localhost openvpn: usercolumn changed.
Jul 22 03:15:04 localhost openvpn: passwdcolumn changed.
Jul 22 03:15:04 localhost openvpn: where changed.
Jul 22 03:15:04 localhost openvpn: sqllog changed.
Jul 22 03:15:04 localhost openvpn: crypt changed.
Jul 22 03:15:04 localhost openvpn: db_connect  called.
Jul 22 03:15:04 localhost openvpn: returning 0 .
Jul 22 03:15:04 localhost openvpn: db_checkpasswd called.
Jul 22 03:15:04 localhost openvpn: pam_mysql: where clause = active=1
Jul 22 03:15:04 localhost openvpn: SELECT password FROM vpnuser WHERE name='elm' AND (active=1)
Jul 22 03:16:34 localhost openvpn: pam_sm_authenticate called.
Jul 22 03:16:34 localhost openvpn: dbuser changed.
Jul 22 03:16:34 localhost openvpn: dbpasswd changed.
Jul 22 03:16:34 localhost openvpn: host changed.
Jul 22 03:16:34 localhost openvpn: database changed.
Jul 22 03:16:34 localhost openvpn: table changed.
Jul 22 03:16:34 localhost openvpn: usercolumn changed.
Jul 22 03:16:34 localhost openvpn: passwdcolumn changed.
Jul 22 03:16:34 localhost openvpn: where changed.
Jul 22 03:16:34 localhost openvpn: sqllog changed.
Jul 22 03:16:34 localhost openvpn: crypt changed.
Jul 22 03:16:34 localhost openvpn: db_connect  called.
Jul 22 03:16:34 localhost openvpn: returning 0 .
Jul 22 03:16:34 localhost openvpn: db_checkpasswd called.
Jul 22 03:16:34 localhost openvpn: pam_mysql: where clause = active=1
Jul 22 03:16:34 localhost openvpn: SELECT password FROM vpnuser WHERE name='test3' AND (active=1)
Jul 22 04:50:06 localhost saslauthd: pam_sm_authenticate called.
Jul 22 04:50:06 localhost saslauthd: dbuser changed.
Jul 22 04:50:06 localhost saslauthd: dbpasswd changed.
Jul 22 04:50:06 localhost saslauthd: host changed.
Jul 22 04:50:06 localhost saslauthd: database changed.
Jul 22 04:50:06 localhost saslauthd: table changed.
Jul 22 04:50:06 localhost saslauthd: usercolumn changed.
Jul 22 04:50:06 localhost saslauthd: passwdcolumn changed.
Jul 22 04:50:06 localhost saslauthd: where changed.
Jul 22 04:50:06 localhost saslauthd: sqllog changed.
Jul 22 04:50:06 localhost saslauthd: crypt changed.
Jul 22 04:50:06 localhost saslauthd: db_connect  called.
Jul 22 04:50:06 localhost saslauthd: returning 0 .
Jul 22 04:50:06 localhost saslauthd: db_checkpasswd called.
Jul 22 04:50:06 localhost saslauthd: pam_mysql: where clause = active=1
Jul 22 04:50:06 localhost saslauthd: SELECT password FROM vpnuser WHERE name='root' AND (active=1)
Jul 22 04:50:06 localhost saslauthd: pam_mysql: select returned more than one result
Jul 22 04:50:06 localhost saslauthd: returning 7 after db_checkpasswd.
Jul 22 04:50:06 localhost saslauthd: pam_mysql: acct_mgmt called but not implemented. Dont panic though :)
Jul 22 04:50:13 localhost saslauthd: pam_sm_authenticate called.
Jul 22 04:50:13 localhost saslauthd: dbuser changed.
Jul 22 04:50:13 localhost saslauthd: dbpasswd changed.
Jul 22 04:50:13 localhost saslauthd: host changed.
Jul 22 04:50:13 localhost saslauthd: database changed.
Jul 22 04:50:13 localhost saslauthd: table changed.
Jul 22 04:50:13 localhost saslauthd: usercolumn changed.
Jul 22 04:50:13 localhost saslauthd: passwdcolumn changed.
Jul 22 04:50:13 localhost saslauthd: where changed.
Jul 22 04:50:13 localhost saslauthd: sqllog changed.
Jul 22 04:50:13 localhost saslauthd: crypt changed.
Jul 22 04:50:13 localhost saslauthd: db_connect  called.
Jul 22 04:50:13 localhost saslauthd: returning 0 .
Jul 22 04:50:13 localhost saslauthd: db_checkpasswd called.
Jul 22 04:50:13 localhost saslauthd: pam_mysql: where clause = active=1
Jul 22 04:50:13 localhost saslauthd: SELECT password FROM vpnuser WHERE name='elm' AND (active=1)
Jul 22 04:50:16 localhost saslauthd: pam_sm_authenticate called.
Jul 22 04:50:16 localhost saslauthd: dbuser changed.
Jul 22 04:50:16 localhost saslauthd: dbpasswd changed.
Jul 22 04:50:16 localhost saslauthd: host changed.
Jul 22 04:50:16 localhost saslauthd: database changed.
Jul 22 04:50:16 localhost saslauthd: table changed.
Jul 22 04:50:16 localhost saslauthd: usercolumn changed.
Jul 22 04:50:16 localhost saslauthd: passwdcolumn changed.
Jul 22 04:50:16 localhost saslauthd: where changed.
Jul 22 04:50:16 localhost saslauthd: sqllog changed.
Jul 22 04:50:16 localhost saslauthd: crypt changed.
Jul 22 04:50:16 localhost saslauthd: db_connect  called.
Jul 22 04:50:16 localhost saslauthd: returning 0 .
Jul 22 04:50:16 localhost saslauthd: db_checkpasswd called.
Jul 22 04:50:16 localhost saslauthd: pam_mysql: where clause = active=1
Jul 22 04:50:16 localhost saslauthd: SELECT password FROM vpnuser WHERE name='elm' AND (active=1)
#
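《Solution》

After writing that article I somewhat regretted it.

I no longer recommend using PAM for authentication either; it would be better to just write a PHP script that connects to MySQL to do the verification.
《Solution》

Originally posted by wenzk on 2008-7-23 01:34
After writing that article I somewhat regretted it.

I no longer recommend using PAM for authentication either; it would be better to just write a PHP script that connects to MySQL to do the verification.


Moderator, what do you mean? Could you explain in a bit more detail? I'll give it a try!

Authentication passes now! There are no more problems!

[ Last edited by badb0y on 2008-7-23 14:04 ]
《Solution》

An approach something like this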

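#!/usr/bin/perl
# Written by ELM
# wzk wenzk net
# http://www.wenzk.net
#
# POP3 Auth script for OpenVPN
# Usage:
# save this file to /etc/openvpn/ as popauth.pl
# run: chmod +x /etc/openvpn/popauth.pl
# add the next line to your OpenVPN config file
# auth-user-pass-verify /etc/openvpn/popauth.pl via-env
# (OpenVPN 2.1 and later also need "script-security 3" for via-env)
# restart your OpenVPN Server

use strict;
use warnings;
use Net::POP3;

# POP Server Address
my $POPHOST = "localhost";
# OpenVPN passes the client's credentials in the environment (via-env)
my $USERNAME = $ENV{username};
my $PASSWORD = $ENV{password};

# Reject the login if either credential is missing
exit 1 unless defined $USERNAME && defined $PASSWORD;

# Connect to the POP3 server; reject the login if it is unreachable
my $pop = Net::POP3->new($POPHOST, Timeout => 60)
        or exit 1;

# login() returns undef on failure; exit code 0 tells OpenVPN to accept
my $result = defined $pop->login($USERNAME, $PASSWORD) ? 0 : 1;

$pop->quit;

exit $result;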

Rewrite it in PHP, and have PHP connect to MySQL to do the verification.
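
The direct database check suggested in this post, as an added example that is not code from the thread or from wenzk, written in Python rather than PHP for use with `auth-user-pass-verify ... via-env`. Assumptions: an in-memory sqlite3 table stands in for the MySQL `vpnuser` table, the `password` column holds a salted PBKDF2 hash in a `salt$digest` layout invented here, and all rows and passwords are constructed.

```python
"""Added example: credential check for OpenVPN auth-user-pass-verify (via-env)."""
import hashlib
import hmac
import os
import sqlite3  # assumption: stands in for the MySQL 'vpn' database
import sys

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example

def hash_password(password: str, salt: bytes) -> str:
    """Return 'salt_hex$digest_hex' using PBKDF2-HMAC-SHA256."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()

def verify(conn, username, password) -> bool:
    """True only if exactly one active row matches and the hash agrees."""
    if not username or not password:
        return False
    # Placeholders keep the user name out of the SQL text itself.
    rows = conn.execute(
        "SELECT password FROM vpnuser WHERE name = ? AND active = 1",
        (username,),
    ).fetchall()
    if len(rows) != 1:  # unknown user, or duplicate rows: fail closed
        return False
    stored = rows[0][0] or ""
    try:
        expected = hash_password(password, bytes.fromhex(stored.partition("$")[0]))
    except ValueError:  # stored value is not in the expected layout
        return False
    return hmac.compare_digest(expected.encode(), stored.encode())

def demo_db():
    """Constructed in-memory table with the thread's column names."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vpnuser (name TEXT, password TEXT, active INT)")
    salt = bytes(range(16))  # fixed for the demo; use os.urandom(16) per user
    users = [("elm", "elm-pass", 1), ("old", "old-pass", 0),
             ("dup", "a", 1), ("dup", "b", 1)]
    for name, pw, active in users:
        conn.execute("INSERT INTO vpnuser VALUES (?, ?, ?)",
                     (name, hash_password(pw, salt), active))
    return conn

if __name__ == "__main__":
    ok = verify(demo_db(), os.environ.get("username"), os.environ.get("password"))
    sys.exit(0 if ok else 1)  # OpenVPN accepts the client only on exit code 0
```

A user name that matches more than one row, the case pam_mysql logged as "select returned more than one result", is rejected here instead of being resolved by picking a row.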
《Solution》

Reply to wenzk's post #3

I don't quite understand why you regretted it. Is the performance not good enough? Could you explain?
《Solution》

There are a lot of problems in between with PAM+Mysql; implementing it directly with PHP+Mysql is simpler.


http://coctec.com/docs/service/show-post-25601.html