percona-pam-for-mysql

  1. Bug #1086795
  2. Comment #1

Comment 1 for bug 1086795

Revision history for this message
Raghavendra D Prabhu (raghavendra-prabhu) wrote :

https://gist.github.com/b137adf6105afc0ba83c is where the PAM authentication fails.

Since, salt is NULL,

========
 helper_log_err(LOG_WARNING, "check pass; user unknown");
retval = PAM_USER_UNKNOWN;
============

and

=============================

 retval = helper_verify_password(user, pass, nullok);

 memset(pass, '\0', MAXPASS); /* clear memory of the password */

 /* return pass or fail */

 if (retval != PAM_SUCCESS) {
  if (!nullok || !blankpass) {
   /* no need to log blank pass test */
#ifdef HAVE_LIBAUDIT
   if (getuid() != 0)
    _audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR);
#endif
   helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user);
  }
  return PAM_AUTH_ERR;
 } else {
         if (getuid() != 0) {
#ifdef HAVE_LIBAUDIT
   return _audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS);
#else
          return PAM_SUCCESS;
#endif
         }
  return PAM_SUCCESS;
 }

=======================================

hence, the message "password check failed for user ..." printed