I set up pwauth with mod_authnz_external
and it works fine pulling IDs from pam_mysql using a pretty standard setup and
restricting users to the web group.
root@marvin:~# cat /etc/pam.d/pwauth
auth required pam_succeed_if.so quiet_success user ingroup web
auth sufficient pam_mysql.so \
user=nss-shadow \
passwd=secret \
db=nss_mysql \
table=user \
usercolumn=user_name \
passwdcolumn=password \
crypt=1 \
verbose=0
auth requisite pam_deny.so
auth required pam_permit.so
account sufficient pam_mysql.so \
user=nss-shadow \
passwd=secret \
db=nss_mysql \
table=user \
usercolumn=user_name \
passwdcolumn=password \
crypt=1 \
verbose=0
account requisite pam_deny.so
account required pam_permit.so
root@marvin:~# pwauth
arjag
secret
root@marvin:~# echo $?
0
OK, so all good.
If I adjust the file:
root@marvin:~# cat /etc/pam.d/pwauth
# group checking removed for testing
# auth required pam_succeed_if.so quiet_success user ingroup web
auth sufficient pam_mysql.so \
user=postfix \
passwd=secret \
host=localhost \
db=postfix \
table=mailbox \
usercolumn=username \
passwdcolumn=password \
crypt=1 \
md5=1 \
verbose=0
auth sufficient pam_mysql.so \
user=nss-shadow \
passwd=secret \
db=nss_mysql \
table=user \
usercolumn=user_name \
passwdcolumn=password \
crypt=1 \
verbose=0
auth requisite pam_deny.so
auth required pam_permit.so
account sufficient pam_mysql.so \
user=postfix \
passwd=secret \
host=localhost \
db=postfix \
table=mailbox \
usercolumn=username \
passwdcolumn=password \
crypt=1 \
md5=1 \
verbose=0
account sufficient pam_mysql.so \
user=nss-shadow \
passwd=secret \
db=nss_mysql \
table=user \
usercolumn=user_name \
passwdcolumn=password \
crypt=1 \
verbose=0
account requisite pam_deny.so
account required pam_permit.so
If I try any of the accounts with "@" in the username (from the postfix
database), I always get failure:
root@marvin:~# pwauth (this one is just a test to show /etc/init.d/pwauth still works)
arjag
secret
root@marvin:~# echo $?
0
root@marvin:~# pwauth
arjag@y42.biz
secret
root@marvin:~# echo $?
1
root@marvin:~# pwauth
arjag\@y42.biz
root@marvin:~# echo $?
1
I think this should work, as it does not seem to be a PAM limitation: on the
same host I can do:
root@marvin:~# testsaslauthd -u arjag -p secret -f /var/spool/postfix/var/run/saslauthd/mux -s pwauth
0: OK "Success."
root@marvin:~# testsaslauthd -u arjag@y42.biz -p secret -f /var/spool/postfix/var/run/saslauthd/mux -s pwauth
0: OK "Success."
I have set verbose to 1 and it appears pwauth simply refuses to pass on a
username with @.
Thanks for your time,
R,
Todd
Original issue reported on code.google.com by tthornh...@gmail.com on 27 Apr 2012 at 8:10