1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
install plugin pam soname 'auth_pam.so';
create user test_pam identified via pam using 'mariadb_mtr';
create user pam_test;
grant proxy on pam_test to test_pam;
#
# athentication is successful, challenge/pin are ok
# note that current_user() differs from user()
#
Challenge input first.
Enter: *************************
Now, the magic number!
PIN: 9225
select user(), current_user(), database();
user() current_user() database()
test_pam@localhost pam_test@% test
#
# athentication is unsuccessful
#
Challenge input first.
Enter: *************************
Now, the magic number!
PIN: 9224
#
# athentication is unsuccessful
#
Challenge input first.
Enter: ****************
Now, the magic number!
PIN: 616
#
# athentication is successful
#
Now, the magic number!
PIN: 9212
select user(), current_user(), database();
user() current_user() database()
test_pam@localhost pam_test@% test
#
# athentication is unsuccessful
#
Now, the magic number!
PIN: 9212
#
# MDEV-26339 Account specifics to be handled before proxying
#
alter user pam_test account lock;
alter user pam_test require subject 'foobar';
alter user pam_test password expire;
Now, the magic number!
PIN: 9212
select user(), current_user(), database();
user() current_user() database()
test_pam@localhost pam_test@% test
alter user pam_test account unlock;
alter user pam_test require none;
alter user pam_test identified by '';
show create user pam_test;
CREATE USER for pam_test@%
CREATE USER `pam_test`@`%`
alter user test_pam account lock;
Now, the magic number!
PIN: 9212
alter user test_pam account unlock;
alter user test_pam require subject 'foobar';
Now, the magic number!
PIN: 9212
alter user test_pam require none;
alter user test_pam password expire;
Now, the magic number!
PIN: 9212
select user(), current_user(), database();
drop user test_pam;
drop user pam_test;
create user PAM_TEST identified via pam using 'mariadb_mtr';
#
# athentication is unsuccessful
#
Challenge input first.
Enter: *************************
Now, the magic number!
PIN: 9225
set global pam_winbind_workaround=1;
#
# athentication is successful
#
Challenge input first.
Enter: *************************
Now, the magic number!
PIN: 9225
select user(), current_user(), database();
user() current_user() database()
PAM_TEST@localhost PAM_TEST@% test
drop user PAM_TEST;
#
# MDEV-27341 Use SET PASSWORD to change PAM service
#
create user pam_test identified via pam using 'mariadb_mtr';
Challenge input first.
Enter: *************************
Now, the magic number!
PIN: 9225
select user(), current_user(), database();
user() current_user() database()
pam_test@localhost pam_test@% test
set password='foo';
ERROR HY000: SET PASSWORD is ignored for users authenticating via pam plugin
show create user;
CREATE USER for pam_test@%
CREATE USER `pam_test`@`%` IDENTIFIED VIA pam USING 'mariadb_mtr'
drop user pam_test;
uninstall plugin pam;
|
