pam_mysql module which incorporates an MD5 capable password checking alg. needs the option --with-openssl added and the applicable use flag or dependency. It will build fine but when you try to use the MD5 option it just throws invalid authentication attempts. I feel we need to add this as a dependency and set the configure script to run with the option --with-openssl. Please keep me posted as this is a production hosting issue and i would like to do what i can to fix this asap. I've verified this problem by downloading the source and building manualy with out that option and with the option. works as I would of expected. Thanks, Reproducible: Always Steps to Reproduce: 1. Use ebuild as is and authenticate to an Mysql Database table using md5 column 2. 3. Actual Results: User authentication will fail. applicable lines in pam.d/imap are: auth sufficient pam_mysql.so user=svcPamAuth passwd=*thepass* db=gendb crypt=2 sqllog=0 where=emailAcc=1 account sufficient pam_mysql.so user=svcPamAuth passwd=*thepass* db=gendb crypt=2 sqllog=0 where=emailAcc=1 Expected Results: properly authenticated user or have package option for ssl support (md5) --with-openssl Let me know what i can do to help!!!! Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.10-gentoo-r6 i686) ================================================================= System uname: 2.6.10-gentoo-r6 i686 AMD Athlon(tm) Processor Gentoo Base System version 1.4.16 dev-lang/python: 2.3.4 sys-apps/sandbox: 1.2.10 sys-devel/autoconf: 2.59-r5 sys-devel/automake: 1.8.5-r1 sys-devel/binutils: 2.14.90.0.8-r1 sys-devel/libtool: 1.5.2-r5 virtual/os-headers: 2.4.21-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon-tbird -O3 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-tbird -O3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X acl alsa apache2 apm arts avi berkdb bitmap-fonts crypt cups eds emboss encode foomaticdb fortran gd gdbm gif gnome gpm gstreamer gtk gtk2 imlib ipv6 jpeg kde kerberos ldap libg++ libwww mad mcal mikmod motif mp3 mpeg mysql ncurses nls ogg oggvorbis opengl oss pam pdflib perl png python qt quicktime quotas readline samba sdl spell ssl tcpd tiff truetype truetype-fonts type1-fonts vorbis xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Created attachment 67781 [details] New ebuild to fix issue Here is an updated ebuild for the version 6 of pam_mysql. I appended the r1 to the version. I think this should work; it might be advisable to make the ssl as a depend as opposed to an option due to no warning if that function not working, but I liked it as an option. Hope this helps.
Comment on attachment 67781 [details] New ebuild to fix issue ># Copyright 1999-2005 Gentoo Foundation ># Distributed under the terms of the GNU General Public License v2 ># $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_mysql/pam_mysql-0.6.0-r1.ebuild,v 1.1 2005/07/04 14:20:50 azarah Exp $ > >inherit libtool > >DESCRIPTION="pam_mysql is a module for pam to authenticate users with mysql" >HOMEPAGE="http://pam-mysql.sourceforge.net/" > >SRC_URI="mirror://sourceforge/pam-mysql/${P}.tar.gz" >DEPEND=">=sys-libs/pam-0.72 > >=dev-db/mysql-3.23.38 > ssl? ( dev-libs/openssl )" >LICENSE="GPL-2" >SLOT="0" >KEYWORDS="~alpha ~amd64 ~ppc ~sparc ~x86" >IUSE="ssl" > >src_unpack() { > unpack ${A} > > cd ${S} > elibtoolize >} > >src_compile() { > if use ssl ; then > ./configure --with-openssl > else > econf > fi > emake >} > >src_install() { > make DESTDIR=${D} install || die > > dodoc CREDITS ChangeLog NEWS README >}
Created attachment 67782 [details] Fixed ebuild and has correct header string Same as before except corrected header string with -r1
This issue has been pending for too long! I've fixed it but want someone with some knowledge about ebuilds to review my changes. I've tried my best to contribute, what else can i do as far as this bug???
Don't re-assign bugs to bug wranglers.
Don't get upset. Devs are busy with meetings and stuff ;) I think you can't run just ./configure --with-openssl instead of econf, did you check it picks up the correct --prefix? Anyway, I'm no ebuild expert either but I made one for version 0.6.2 today you might try this one too (dunno why --disable-static does not work, shouldn't create an .la at all)
Created attachment 69440 [details] ebuild for 0.6.2 based on 0.6, status is: "compiles on my box (P4 3.0GHz HT 2Gig)"
Hey; thanks for the response, and I do understand. They have always complied on my box. It's when you try to use the MD5 functionality. There are no errors; it just never authenticates a user leaving u thinking that it is a miss configuration when in fact it is not complied with that support. (I would think there should be an error to that effect, but there is not). (In reply to comment #7) > Created an attachment (id=69440) [edit] > ebuild for 0.6.2 based on 0.6, status is: "compiles on my box (P4 3.0GHz HT > 2Gig)"
Created attachment 80191 [details] 0.6.2 and 0.7_rc1 versions corrected Hi guys, I hope to have corrected thoses problems. In fact, this module was done on the Debian distrib and never found sasl2 or sll include on the gentoo system. I hope to have corrected the source, the acinclude.m4 and configure.in files to comply with the gentoo sasl's or ssl's include. Would it be possible that someone test them please ? Cyrius
Comment on attachment 80191 [details] 0.6.2 and 0.7_rc1 versions corrected See bug 123405
Marking as a dupe of the bump bug. There are many issues with pam_mysql which requires a new version of it in the tree to be reviewed. *** This bug has been marked as a duplicate of 120842 ***