The best fix for the pam-mysql authentication bug

Yesterday, while configuring OpenVPN with MySQL authentication, I ran into the pam-mysql authentication bug. At the time I used

export LD_PRELOAD=/lib/

as a workaround. Today, after more Googling, I found that a usable patch is already available online. The steps are as follows:

cd /usr/src
tar zxvf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1


---   2008-07-14 10:25:53.000000000 +0200
+++ 2008-07-14 10:26:06.000000000 +0200
@@ -110,7 +110,7 @@
-pam_mysql_la_LIBADD =
+pam_mysql_la_LIBADD = -lpam
 pam_mysql_la_OBJECTS =  pam_mysql.lo
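
Review bot: the `+pam_mysql_la_LIBADD = -lpam` line sits directly above `pam_mysql_la_OBJECTS = pam_mysql.lo`, a variable that automake generates, so this hunk appears to edit a generated makefile template and the addition would be lost if the build files are regenerated. Suggest making the same `-lpam` addition in the automake input as well. The `---` and `+++` headers as shown carry only timestamps and no file name, so the target file has to be supplied for the hunk to apply.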

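Some readers reported that patching fails when the code above is copied directly. I tried it and it really does fail. If you have this problem, download the attachment below and then rename it to :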


Apply the patch, then compile and install

patch -p0 <
make install
/etc/init.d/openvpn restart

Test the OpenVPN connection again: it works!

PS: If your system is Debian, the squeeze testing repository already has a newer libpam-mysql that includes this patch, version 0.7~RC1-4.
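
A check to run after `make install`, added here as an example (it is not part of the original post or of the pam_mysql project): the patch adds `-lpam` to the link line, so the rebuilt module should list libpam among the `NEEDED` entries printed by `readelf -d`. The module path given on the command line and the two sample listings are constructed assumptions.

```shell
#!/bin/sh
# Added example: confirm the rebuilt PAM module records libpam as a dependency.
# The module path is an assumption; pass the real install path as $1.

# Constructed samples of `readelf -d` output, before and after the patch.
SAMPLE_BEFORE=' 0x00000001 (NEEDED)  Shared library: [libmysqlclient.so.15]
 0x00000001 (NEEDED)  Shared library: [libc.so.6]'
SAMPLE_AFTER=' 0x00000001 (NEEDED)  Shared library: [libpam.so.0]
 0x00000001 (NEEDED)  Shared library: [libmysqlclient.so.15]
 0x00000001 (NEEDED)  Shared library: [libc.so.6]'

# Read `readelf -d` text on stdin; succeed only if a NEEDED entry names libpam.
has_libpam_needed() {
    awk '/\(NEEDED\)/ && /\[libpam\.so[.0-9]*\]/ { found = 1 }
         END { exit !found }'
}

# Inspect an installed module: 0 = linked, 1 = not linked, 2 = cannot inspect.
check_module() {
    module=$1
    [ -r "$module" ] || { echo "cannot read $module" >&2; return 2; }
    command -v readelf >/dev/null 2>&1 || { echo "readelf not found" >&2; return 2; }
    if readelf -d "$module" | has_libpam_needed; then
        echo "OK: $module lists libpam as NEEDED"
    else
        echo "FAIL: $module has no NEEDED entry for libpam" >&2
        return 1
    fi
    # Once the module links libpam itself, the LD_PRELOAD workaround can go.
    [ -z "${LD_PRELOAD:-}" ] || echo "note: LD_PRELOAD is still set: $LD_PRELOAD"
}

# Run only when a path is given, so the file can also be sourced.
[ $# -eq 0 ] || check_module "$1"
```

A `FAIL` result after installing means the running system is still using an unpatched build of the module.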



15 Responses to The best fix for the pam-mysql authentication bug


  3. ym says:

    luckypoem:/usr/src/pam_mysql-0.7RC1# nano
    luckypoem:/usr/src/pam_mysql-0.7RC1# patch p0 <
    -bash: patch: command not found

  4. ym says:

    I installed patch, and it is clearly there in /usr/src/pam_mysql-0.7RC1, so why does it report No such file or directory?
    luckypoem:/usr/src/pam_mysql-0.7RC1# ls
    COPYING NEWS config.log missing pkg.m4
    CREDITS README config.sub mkinstalldirs
    ChangeLog acinclude.m4 configure pam_mysql.c
    INSTALL aclocal.m4 pam_mysql.spec config.guess install-sh
    luckypoem:/usr/src/pam_mysql-0.7RC1# patch p0 <
    patch: **** Can't find file p0 : No such file or directory

    • gkp says:

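      Oops, it should be patch -p0 <. The "-" in the original post seems to have been automatically escaped by WP... The "no such file" in the error message refers to p0... Could you try again with the correct command line? I have also fixed the post.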

  5. ym says:


    luckypoem:/usr/src/pam_mysql-0.7RC1# patch -p0 <
    patching file
    Hunk #1 FAILED at 110.
    1 out of 1 hunk FAILED -- saving rejects to file

    • gkp says:

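      I tried it and it really doesn't work. It still seems to be a WordPress problem; no matter how I copy it, it comes out wrong... I have saved it as a txt attachment and uploaded it, so just download it. This WP escaping problem is a real headache.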

  6. ym says:


  7. ym says:

    luckypoem:/usr/src/pam_mysql-0.7RC1# nano
    luckypoem:/usr/src/pam_mysql-0.7RC1# patch -p0 <
    patching file
    luckypoem:/usr/src/pam_mysql-0.7RC1# ./configure
    checking for a BSD-compatible install... /usr/bin/install -c
    checking whether build environment is sane... yes
    checking whether make sets $(MAKE)... no
    checking for working aclocal-1.4... missing
    checking for working autoconf... missing
    checking for working automake-1.4... missing
    checking for working autoheader... missing
    checking for working makeinfo... missing
    checking whether to enable maintainer-specific portions of Makefiles... no
    checking for bison... no
    checking for byacc... no
    checking for g++... no
    checking for c++... no
    checking for gpp... no
    checking for aCC... no
    checking for CC... no
    checking for cxx... no
    checking for cc++... no
    checking for cl... no
    checking for FCC... no
    checking for KCC... no
    checking for RCC... no
    checking for xlC_r... no
    checking for xlC... no
    checking for C++ compiler default output file name... configure: error: C++ compiler cannot create executables
    See `config.log' for more details.


  8. ym says:

    patch -p0 8192] S=[8192->8192]
    Mon Aug 23 12:47:45 2010 UDPv4 link local: [undef]
    Mon Aug 23 12:47:45 2010 UDPv4 link remote:
    Mon Aug 23 12:47:45 2010 TLS: Initial packet from, sid=5608f5f6 f47007a3
    Mon Aug 23 12:47:45 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Aug 23 12:47:46 2010 VERIFY OK: depth=1, /C=cn/ST=gd/L=sz/O=luckypoem/OU=sales/CN=ym/
    Mon Aug 23 12:47:46 2010 VERIFY OK: nsCertType=SERVER
    Mon Aug 23 12:47:46 2010 VERIFY OK: depth=0, /C=cn/ST=gd/L=sz/O=luckypoem/OU=sales/CN=ym/
    Mon Aug 23 12:48:45 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mon Aug 23 12:48:45 2010 TLS Error: TLS handshake failed
    Mon Aug 23 12:48:45 2010 TCP/UDP: Closing socket
    Mon Aug 23 12:48:45 2010 SIGUSR1[soft,tls-error] received, process restarting

    It reports TLS key negotiation failed. When I connect using certificates, everything works fine. Thanks for replying.

  9. ym says:

    What is tls-auth ta.key 0 for? When I set up OpenVPN certificate connections before, I never needed tls-auth ta.key 0. Is tls-auth ta.key 0 now mandatory? And how do I generate ta.key?
