免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
12下一页
最近访问板块 发新帖
查看: 9966 | 回复: 19

[FTP] vsftp1.2+mysql4.1+pam_mysql0.5在RedHat AS4(32bit)下好像是有bug [复制链接]

论坛徽章:
0
发表于 2005-11-17 12:11 |显示全部楼层
小弟最近在研究在AS4在用VSftp和MySQL通过PAM-MySQL做虚拟用户,结果怎么登陆都不成功。
vsftpd.conf
guest_enble=yes
guest_username_vsftpguest
pam_service_name=vsftpvu
MySQL数据库配置我用vsftpguest本地登陆验证过了,肯定不会有问题.

/etc/PAM.d/vsftptvu
auth required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
  account required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
关健问题就出在PAM_MySQL上,如果用PAM_MySQL0.5中的pam_mysql.so,测试时会在/var/log/messege里显示
  PAM_MySQL:MySQL err Client does not support authentication protocal requested by server;considr upgrading MySQL client
而如果用PAM_MySQL0.6则根本就没有任何的显示. PAM_MySQL0.7更是MAKE不了。

看来我只能改用pureftp才能解决问题,郁闷ing............................
高手指教!!!

[ 本帖最后由 lingniao 于 2005-11-17 12:13 编辑 ]

论坛徽章:
0
发表于 2005-11-17 21:30 |显示全部楼层
PAM_MySQL0.7 MAKE不了,报什么错?你是怎么做的,能否说说?

crypt=2,用这种认证方式时,你的表里的password是怎么生成的。

仔细看看源代码里的INSTALL和README文件

论坛徽章:
0
发表于 2005-11-18 14:51 |显示全部楼层
mysql -p
  mysql>create database vsftpvu;
  mysql>use vsftpdvu;
  mysql>create table users(name char(16) binary,passwd char(16) binary);
  mysql>insert into users (name,passwd) values ('xiaotong',password('qqmywife'));
  mysql>insert into users (name,passwd) values ('xiaowang',password('ttmywife'));
  mysql>quit
 然后,授权vsftpguest可以读vsftpvu数据库的users表。执行以下命令:
   mysql -u root mysql -p
  mysql>grant select on vsftpvu.users to vsftpguest@localhost identified by 'i52serial0';
  mysql>quit

  然后我用vsftpguest本地登陆,
      mysql -pi52serial0 vsftpdvu
  mysql>select * from users;
  成功,列出xiaotong、xiaowang和加密后的密码

我参考的文章是http://www.21ds.net/article/_32/2004-08/09/356_1.html
且做了少许改动。vsftpdguest改成vsftpguest,vsftpdvu改成vsftpvu,
我认为文章中少了一句话在/etc/vsftpd/vsftp.conf/中,于是我加入pam_service_name=vsftpvu,并把原来的pam_service_name注释掉。

论坛徽章:
0
发表于 2005-11-18 15:12 |显示全部楼层
请仔细看源代码里的README文件。
使用crypt=2时, pam-mysql加密密码的password函数和你在sql语句用户的password函数算法是不一样的

论坛徽章:
0
发表于 2005-11-19 19:25 |显示全部楼层

回复 4楼 wolfg 的帖子

[root@ASserver pam_mysql-0.7pre3]# make
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/security -I/usr/include    -g -O2 -I/usr/local/mysql/include/mysql    -c pam_mysql.c
gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/security -I/usr/include -g -O2 -I/usr/local/mysql/include/mysql -c pam_mysql.c  -fPIC -DPIC -o .libs/pam_mysql.o
In file included from pam_mysql.c:124:
/usr/include/md5.h:27: syntax error before "UINT4"
/usr/include/md5.h:30: syntax error before '}' token
/usr/include/md5.h:38: syntax error before "PROTO_LIST"
/usr/include/md5.h:39: syntax error before "PROTO_LIST"
/usr/include/md5.h:41: syntax error before "PROTO_LIST"
/usr/include/md5.h:43: syntax error before "PROTO_LIST"
make: *** [pam_mysql.lo] Error 1
这是MAKE 0.7pre3时的错误信息
还有我认为pam-mysql和mysql里所用的password函数应该是一样的才对,不然开发者还让我们怎么用这个模块呢?

论坛徽章:
0
发表于 2005-11-21 11:00 |显示全部楼层
试试这样编译
  1. # ./configure --with-openssl
  2. # make install
复制代码

原帖由 lingniao 于 2005-11-19 19:25 发表
我认为pam-mysql和mysql里所用的password函数应该是一样的才对,不然开发者还让我们怎么用这个模块呢?

试试就知道了

论坛徽章:
0
发表于 2005-11-21 20:33 |显示全部楼层
厉害啊,老大,真的是这样!!!,高手,佩服佩服。。。。。。。

论坛徽章:
0
发表于 2005-11-21 21:30 |显示全部楼层
不过呢,偶现在又有新的问题,我在make 编译vsftpd-2.0.3的时候,如果改动builddeps.h中undef  VSF_BUILD_SSL为define VSF_BUILD_SSL,那么就会出错
/usr/local/vsftpd-2.0.3#make
gcc -c ssl.c -O2 -Wall -W -Wshadow -idirafter dummyinc
In file included from /usr/include/openssl/ssl.h:179,
from ssl.c:26:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
from ssl.c:26:
/usr/include/openssl/kssl.h:134: syntax error before "krb5_enctype"
/usr/include/openssl/kssl.h:136: syntax error before '*' token
/usr/include/openssl/kssl.h:137: syntax error before '}' token
/usr/include/openssl/kssl.h:149: syntax error before "kssl_ctx_setstring"
/usr/include/openssl/kssl.h:149: syntax error before '*' token
/usr/include/openssl/kssl.h:150: syntax error before '*' token
/usr/include/openssl/kssl.h:151: syntax error before '*' token
/usr/include/openssl/kssl.h:151: syntax error before '*' token
/usr/include/openssl/kssl.h:152: syntax error before '*' token
/usr/include/openssl/kssl.h:153: syntax error before "kssl_ctx_setprinc"
/usr/include/openssl/kssl.h:153: syntax error before '*' token
/usr/include/openssl/kssl.h:155: syntax error before "kssl_cget_tkt"
/usr/include/openssl/kssl.h:155: syntax error before '*' token
/usr/include/openssl/kssl.h:157: syntax error before "kssl_sget_tkt"
/usr/include/openssl/kssl.h:157: syntax error before '*' token
/usr/include/openssl/kssl.h:159: syntax error before "kssl_ctx_setkey"
/usr/include/openssl/kssl.h:159: syntax error before '*' token
/usr/include/openssl/kssl.h:161: syntax error before "context"
/usr/include/openssl/kssl.h:162: syntax error before "kssl_build_principal_2"
/usr/include/openssl/kssl.h:162: syntax error before "context"
/usr/include/openssl/kssl.h:165: syntax error before "kssl_validate_times"
/usr/include/openssl/kssl.h:165: syntax error before "atime"
/usr/include/openssl/kssl.h:167: syntax error before "kssl_check_authent"
/usr/include/openssl/kssl.h:167: syntax error before '*' token
/usr/include/openssl/kssl.h:169: syntax error before "enctype"
In file included from ssl.c:26:
/usr/include/openssl/ssl.h:909: syntax error before "KSSL_CTX"
/usr/include/openssl/ssl.h:931: syntax error before '}' token
ssl.c: In function `ssl_init':
ssl.c:46: warning: declaration of `options' shadows a global declaration
/usr/include/openssl/ssl.h:925: warning: shadowed declaration is here
make: *** [ssl.o] Error 1
请问这该如何是好???

论坛徽章:
0
发表于 2005-11-22 09:34 |显示全部楼层
用rpm命令检查有没有安装这个包 krb5-devel
rpm -qa |grep -i krb5-devel

没有的话,安装这个包后再试

论坛徽章:
0
发表于 2005-11-23 20:22 |显示全部楼层

回复 9楼 wolfg 的帖子

部分rpm -ql krb5-devel的显示如下 ,我在想是不是这个软件包的目录和vsftpd要示的有点区别?
[root@ASserver root]# rpm -ql krb5-devel
/etc/profile.d/krb5.csh
/etc/profile.d/krb5.sh
/usr/kerberos
/usr/kerberos/bin
/usr/kerberos/bin/krb5-config
/usr/kerberos/bin/sclient
/usr/kerberos/include
/usr/kerberos/include/asn.1
/usr/kerberos/include/com_err.h
/usr/kerberos/include/gssapi
/usr/kerberos/include/gssapi/gssapi.h
/usr/kerberos/include/gssapi/gssapi_generic.h
/usr/kerberos/include/gssapi/gssapi_krb5.h
/usr/kerberos/include/kerberosIV
/usr/kerberos/include/kerberosIV/des.h
/usr/kerberos/include/kerberosIV/kadm.h
/usr/kerberos/include/kerberosIV/krb.h
/usr/kerberos/include/kerberosIV/krb_err.h
/usr/kerberos/include/kerberosIV/mit-copyright.h
/usr/kerberos/include/krb5.h
/usr/kerberos/include/libpty.h
/usr/kerberos/include/mit-sipb-copyright.h
/usr/kerberos/include/port-sockets.h
/usr/kerberos/include/profile.h
/usr/kerberos/lib/libcom_err.a
/usr/kerberos/lib/libcom_err.so
/usr/kerberos/lib/libdes425.a
/usr/kerberos/lib/libdes425.so
/usr/kerberos/lib/libdyn.a
/usr/kerberos/lib/libdyn.so
/usr/kerberos/lib/libgssapi_krb5.a
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP