歡迎您光臨本站 註冊首頁

vsftp1.2+mysql4.1+pam_mysql0.5在RedHat AS4(32bit)下好像是有bug

←手機掃碼閱讀     火星人 @ 2014-03-04 , reply:0

vsftp1.2+mysql4.1+pam_mysql0.5在RedHat AS4(32bit)下好像是有bug

小弟最近在研究在AS4在用VSftp和MySQL通過PAM-MySQL做虛擬用戶,結果怎麼登陸都不成功。
vsftpd.conf
guest_enble=yes
guest_username_vsftpguest
pam_service_name=vsftpvu
MySQL資料庫配置我用vsftpguest本地登陸驗證過了,肯定不會有問題.

/etc/PAM.d/vsftptvu
auth required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
  account required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
關健問題就出在PAM_MySQL上,如果用PAM_MySQL0.5中的pam_mysql.so,測試時會在/var/log/messege里顯示
  PAM_MySQL:MySQL err Client does not support authentication protocal requested by server;considr upgrading MySQL client
而如果用PAM_MySQL0.6則根本就沒有任何的顯示. PAM_MySQL0.7更是MAKE不了。

看來我只能改用pureftp才能解決問題,鬱悶ing............................
高手指教!!!

[ 本帖最後由 lingniao 於 2005-11-17 12:13 編輯 ]
《解決方案》

PAM_MySQL0.7 MAKE不了,報什麼錯?你是怎麼做的,能否說說?

crypt=2,用這種認證方式時,你的表裡的password是怎麼生成的。

仔細看看源代碼里的INSTALL和README文件
《解決方案》

mysql -p
  mysql>create database vsftpvu;
  mysql>use vsftpdvu;
  mysql>create table users(name char(16) binary,passwd char(16) binary);
  mysql>insert into users (name,passwd) values ('xiaotong',password('qqmywife'));
  mysql>insert into users (name,passwd) values ('xiaowang',password('ttmywife'));
  mysql>quit
 然後,授權vsftpguest可以讀vsftpvu資料庫的users表。執行以下命令:
   mysql -u root mysql -p
  mysql>grant select on vsftpvu.users to vsftpguest@localhost identified by 'i52serial0';
  mysql>quit

  然後我用vsftpguest本地登陸,
      mysql -pi52serial0 vsftpdvu
  mysql>select * from users;
  成功,列出xiaotong、xiaowang和加密后的密碼

我參考的文章是http://www.21ds.net/article/_32/2004-08/09/356_1.html
且做了少許改動。vsftpdguest改成vsftpguest,vsftpdvu改成vsftpvu,
我認為文章中少了一句話在/etc/vsftpd/vsftp.conf/中,於是我加入pam_service_name=vsftpvu,並把原來的pam_service_name註釋掉。
《解決方案》

請仔細看源代碼里的README文件。
使用crypt=2時, pam-mysql加密密碼的password函數和你在sql語句用戶的password函數演算法是不一樣的
《解決方案》

回復 4樓 wolfg 的帖子

# make
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/security -I/usr/include    -g -O2 -I/usr/local/mysql/include/mysql    -c pam_mysql.c
gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/security -I/usr/include -g -O2 -I/usr/local/mysql/include/mysql -c pam_mysql.c  -fPIC -DPIC -o .libs/pam_mysql.o
In file included from pam_mysql.c:124:
/usr/include/md5.h:27: syntax error before "UINT4"
/usr/include/md5.h:30: syntax error before '}' token
/usr/include/md5.h:38: syntax error before "PROTO_LIST"
/usr/include/md5.h:39: syntax error before "PROTO_LIST"
/usr/include/md5.h:41: syntax error before "PROTO_LIST"
/usr/include/md5.h:43: syntax error before "PROTO_LIST"
make: *** Error 1
這是MAKE 0.7pre3時的錯誤信息
還有我認為pam-mysql和mysql里所用的password函數應該是一樣的才對,不然開發者還讓我們怎麼用這個模塊呢?
《解決方案》

試試這樣編譯
# ./configure --with-openssl
# make install

原帖由 lingniao 於 2005-11-19 19:25 發表
我認為pam-mysql和mysql里所用的password函數應該是一樣的才對,不然開發者還讓我們怎麼用這個模塊呢?
試試就知道了
《解決方案》

厲害啊,老大,真的是這樣!!!,高手,佩服佩服。。。。。。。
《解決方案》

不過呢,偶現在又有新的問題,我在make 編譯vsftpd-2.0.3的時候,如果改動builddeps.h中undef  VSF_BUILD_SSL為define VSF_BUILD_SSL,那麼就會出錯
/usr/local/vsftpd-2.0.3#make
gcc -c ssl.c -O2 -Wall -W -Wshadow -idirafter dummyinc
In file included from /usr/include/openssl/ssl.h:179,
from ssl.c:26:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
from ssl.c:26:
/usr/include/openssl/kssl.h:134: syntax error before "krb5_enctype"
/usr/include/openssl/kssl.h:136: syntax error before '*' token
/usr/include/openssl/kssl.h:137: syntax error before '}' token
/usr/include/openssl/kssl.h:149: syntax error before "kssl_ctx_setstring"
/usr/include/openssl/kssl.h:149: syntax error before '*' token
/usr/include/openssl/kssl.h:150: syntax error before '*' token
/usr/include/openssl/kssl.h:151: syntax error before '*' token
/usr/include/openssl/kssl.h:151: syntax error before '*' token
/usr/include/openssl/kssl.h:152: syntax error before '*' token
/usr/include/openssl/kssl.h:153: syntax error before "kssl_ctx_setprinc"
/usr/include/openssl/kssl.h:153: syntax error before '*' token
/usr/include/openssl/kssl.h:155: syntax error before "kssl_cget_tkt"
/usr/include/openssl/kssl.h:155: syntax error before '*' token
/usr/include/openssl/kssl.h:157: syntax error before "kssl_sget_tkt"
/usr/include/openssl/kssl.h:157: syntax error before '*' token
/usr/include/openssl/kssl.h:159: syntax error before "kssl_ctx_setkey"
/usr/include/openssl/kssl.h:159: syntax error before '*' token
/usr/include/openssl/kssl.h:161: syntax error before "context"
/usr/include/openssl/kssl.h:162: syntax error before "kssl_build_principal_2"
/usr/include/openssl/kssl.h:162: syntax error before "context"
/usr/include/openssl/kssl.h:165: syntax error before "kssl_validate_times"
/usr/include/openssl/kssl.h:165: syntax error before "atime"
/usr/include/openssl/kssl.h:167: syntax error before "kssl_check_authent"
/usr/include/openssl/kssl.h:167: syntax error before '*' token
/usr/include/openssl/kssl.h:169: syntax error before "enctype"
In file included from ssl.c:26:
/usr/include/openssl/ssl.h:909: syntax error before "KSSL_CTX"
/usr/include/openssl/ssl.h:931: syntax error before '}' token
ssl.c: In function `ssl_init':
ssl.c:46: warning: declaration of `options' shadows a global declaration
/usr/include/openssl/ssl.h:925: warning: shadowed declaration is here
make: *** Error 1
請問這該如何是好???
《解決方案》

用rpm命令檢查有沒有安裝這個包 krb5-devel
rpm -qa |grep -i krb5-devel

沒有的話,安裝這個包后再試
《解決方案》

回復 9樓 wolfg 的帖子

部分rpm -ql krb5-devel的顯示如下 ,我在想是不是這個軟體包的目錄和vsftpd要示的有點區別?
# rpm -ql krb5-devel
/etc/profile.d/krb5.csh
/etc/profile.d/krb5.sh
/usr/kerberos
/usr/kerberos/bin
/usr/kerberos/bin/krb5-config
/usr/kerberos/bin/sclient
/usr/kerberos/include
/usr/kerberos/include/asn.1
/usr/kerberos/include/com_err.h
/usr/kerberos/include/gssapi
/usr/kerberos/include/gssapi/gssapi.h
/usr/kerberos/include/gssapi/gssapi_generic.h
/usr/kerberos/include/gssapi/gssapi_krb5.h
/usr/kerberos/include/kerberosIV
/usr/kerberos/include/kerberosIV/des.h
/usr/kerberos/include/kerberosIV/kadm.h
/usr/kerberos/include/kerberosIV/krb.h
/usr/kerberos/include/kerberosIV/krb_err.h
/usr/kerberos/include/kerberosIV/mit-copyright.h
/usr/kerberos/include/krb5.h
/usr/kerberos/include/libpty.h
/usr/kerberos/include/mit-sipb-copyright.h
/usr/kerberos/include/port-sockets.h
/usr/kerberos/include/profile.h
/usr/kerberos/lib/libcom_err.a
/usr/kerberos/lib/libcom_err.so
/usr/kerberos/lib/libdes425.a
/usr/kerberos/lib/libdes425.so
/usr/kerberos/lib/libdyn.a
/usr/kerberos/lib/libdyn.so
/usr/kerberos/lib/libgssapi_krb5.a

[火星人 ] vsftp1.2+mysql4.1+pam_mysql0.5在RedHat AS4(32bit)下好像是有bug已經有649次圍觀

http://coctec.com/docs/service/show-post-26992.html