The best fix for the pam-mysql authentication bug

Yesterday, while configuring OpenVPN with MySQL authentication, I ran into the pam-mysql authentication bug. At the time I used

export LD_PRELOAD=/lib/libpam.so.0

as a workaround. Today, after more Googling, I found that a working patch is already available online. The steps are as follows:

cd /usr/src
wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
tar zxvf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
vi patch.in

with the following content:

--- Makefile.in.chold   2008-07-14 10:25:53.000000000 +0200
+++ Makefile.in 2008-07-14 10:26:06.000000000 +0200
@@ -110,7 +110,7 @@
 CPPFLAGS = @CPPFLAGS@
 LDFLAGS = @LDFLAGS@
 LIBS = @LIBS@
-pam_mysql_la_LIBADD =
+pam_mysql_la_LIBADD = -lpam
 pam_mysql_la_OBJECTS =  pam_mysql.lo
 CFLAGS = @CFLAGS@
 COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
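
Review bot: the -lpam addition on the pam_mysql_la_LIBADD line is made only in Makefile.in, the template that configure fills in (see the @CPPFLAGS@ and @LDFLAGS@ placeholders next to it); the source tree also ships a Makefile.am, so the same line should be changed there, otherwise regenerating Makefile.in with automake drops the fix. The file headers carry no directory prefix, so the patch applies only with -p0 from inside the source directory, and the context lines depend on their exact leading space, so it is safer to distribute it as a file than as pasted text.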

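Some readers reported errors when applying the patch after copying the code above directly. I tried it and that is indeed the case. If you have this problem, download the attachment below and rename it to patch.in: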

pam_mysql-0.7RC1-patch

Apply the patch, then compile and install:

patch -p0 < patch.in
./configure
make
make install
/etc/init.d/openvpn restart

Test the OpenVPN connection again: it works!
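
A check to run after make install, as an added example that is not part of the original post: the patch adds -lpam to pam_mysql_la_LIBADD, so the rebuilt module should list libpam among its NEEDED shared libraries in `readelf -d` output. The sample readelf output (including the libmysqlclient version) and the function names are constructed for illustration; the module path is passed as an argument because the page does not give it.

```shell
#!/bin/sh
# Added example: verify that a built PAM module declares libpam as a dependency.

# needs_libpam: reads `readelf -d` output on stdin; exit 0 when a NEEDED
# entry names libpam.so (any version suffix), exit 1 otherwise.
needs_libpam() {
    awk '/\(NEEDED\).*\[libpam\.so/ { found = 1 } END { exit !found }'
}

# list_needed: prints the library name of every NEEDED entry, one per line.
list_needed() {
    sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p'
}

# check_module: runs the check against a real module file.
check_module() {
    module=$1
    command -v readelf >/dev/null 2>&1 || { echo "readelf not found" >&2; return 2; }
    [ -r "$module" ] || { echo "cannot read $module" >&2; return 2; }
    if readelf -d "$module" | needs_libpam; then
        echo "OK: $module lists libpam as NEEDED"
    else
        echo "MISSING: $module has no NEEDED entry for libpam" >&2
        echo "dependencies found:" >&2
        readelf -d "$module" | list_needed >&2
        return 1
    fi
}

# Constructed samples of `readelf -d` output for a module built without and
# with the patch (library versions are illustrative).
SAMPLE_UNPATCHED=' 0x0000000000000001 (NEEDED)             Shared library: [libmysqlclient.so.15]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [pam_mysql.so]'

SAMPLE_PATCHED=' 0x0000000000000001 (NEEDED)             Shared library: [libpam.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libmysqlclient.so.15]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [pam_mysql.so]'

# Usage: sh check_pam_module.sh <path to the installed pam_mysql.so>
[ $# -eq 0 ] || check_module "$1"
```

A module that passes this check no longer needs the LD_PRELOAD setting in the environment of the OpenVPN process.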

PS: If your system is Debian, the squeeze testing repository already has a new libpam-mysql that includes this patch, version 0.7~RC1-4.


15 Responses to The best fix for the pam-mysql authentication bug

  1. Pingback: Notes on authenticating OpenVPN users with MySQL | gkp's post

  2. Pingback: Tweets that mention The best fix for the pam-mysql authentication bug | gkp's post -- Topsy.com

  3. ym says:

    hi. I got the following error:
    luckypoem:/usr/src/pam_mysql-0.7RC1# nano patch.in
    luckypoem:/usr/src/pam_mysql-0.7RC1# patch p0 < patch.in
    -bash: patch: command not found

  4. ym says:

    I installed patch, and patch.in is clearly there in /usr/src/pam_mysql-0.7RC1, so why does it say No such file or directory?
    luckypoem:/usr/src/pam_mysql-0.7RC1# ls
    COPYING NEWS config.log missing pkg.m4
    CREDITS README config.sub mkinstalldirs stamp-h.in
    ChangeLog acinclude.m4 configure pam_mysql.c
    INSTALL aclocal.m4 configure.in pam_mysql.spec
    Makefile.am config.guess install-sh pam_mysql.spec.in
    Makefile.in config.h.in ltmain.sh patch.in
    luckypoem:/usr/src/pam_mysql-0.7RC1# patch p0 < patch.in
    patch: **** Can't find file p0 : No such file or directory

    • gkp says:

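      Oops, it should be patch -p0 < patch.in; the "-" in the article seems to have been automatically escaped by WP... The "no such file" in the error message refers to p0... Could you try again with the correct command line? I have fixed the original post too.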

  5. ym says:

    Another error came up:

    luckypoem:/usr/src/pam_mysql-0.7RC1# patch -p0 < patch.in
    patching file Makefile.in
    Hunk #1 FAILED at 110.
    1 out of 1 hunk FAILED -- saving rejects to file Makefile.in.rej
    luckypoem:/usr/src/pam_mysql-0.7RC1#

    • gkp says:

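      I tried it and it really doesn't work. It still seems to be a WordPress problem; no matter how I copy it, it comes out wrong... I have saved it as a txt attachment and uploaded it, so just download that. This WP escaping problem is a real headache.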

  6. ym says:

    I don't see the address of the txt attachment.

  7. ym says:

    Oh, I see patch.txt now. But when running ./configure, a problem came up:
    luckypoem:/usr/src/pam_mysql-0.7RC1# nano patch.in
    luckypoem:/usr/src/pam_mysql-0.7RC1# patch -p0 < patch.in
    patching file Makefile.in
    luckypoem:/usr/src/pam_mysql-0.7RC1# ./configure
    checking for a BSD-compatible install... /usr/bin/install -c
    checking whether build environment is sane... yes
    checking whether make sets $(MAKE)... no
    checking for working aclocal-1.4... missing
    checking for working autoconf... missing
    checking for working automake-1.4... missing
    checking for working autoheader... missing
    checking for working makeinfo... missing
    checking whether to enable maintainer-specific portions of Makefiles... no
    checking for bison... no
    checking for byacc... no
    checking for g++... no
    checking for c++... no
    checking for gpp... no
    checking for aCC... no
    checking for CC... no
    checking for cxx... no
    checking for cc++... no
    checking for cl... no
    checking for FCC... no
    checking for KCC... no
    checking for RCC... no
    checking for xlC_r... no
    checking for xlC... no
    checking for C++ compiler default output file name... configure: error: C++ compiler cannot create executables
    See `config.log' for more details.

    It seems my VPS doesn't have a lot of things installed? Please tell me what else I need to install, thanks.

  8. ym says:

    hi. I have finished the following:
    patch -p0 8192] S=[8192->8192]
    Mon Aug 23 12:47:45 2010 UDPv4 link local: [undef]
    Mon Aug 23 12:47:45 2010 UDPv4 link remote: 67.202.105.135:443
    Mon Aug 23 12:47:45 2010 TLS: Initial packet from 67.202.105.135:443, sid=5608f5f6 f47007a3
    Mon Aug 23 12:47:45 2010 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Aug 23 12:47:46 2010 VERIFY OK: depth=1, /C=cn/ST=gd/L=sz/O=luckypoem/OU=sales/CN=ym/emailAddress=luckypoem@gmail.com
    Mon Aug 23 12:47:46 2010 VERIFY OK: nsCertType=SERVER
    Mon Aug 23 12:47:46 2010 VERIFY OK: depth=0, /C=cn/ST=gd/L=sz/O=luckypoem/OU=sales/CN=ym/emailAddress=luckypoem@gmail.com
    Mon Aug 23 12:48:45 2010 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Mon Aug 23 12:48:45 2010 TLS Error: TLS handshake failed
    Mon Aug 23 12:48:45 2010 TCP/UDP: Closing socket
    Mon Aug 23 12:48:45 2010 SIGUSR1[soft,tls-error] received, process restarting

    It reports TLS key negotiation failed. When I connect using certificates, everything works fine. Thanks for replying.

  9. ym says:

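    In this article, http://www.chinaunix.net/jh/50/513004.html, part of the server.conf reads:
    tls-auth ta.key 0. What is it for? When I configured OpenVPN certificate connections before, I never needed tls-auth ta.key 0. Is tls-auth ta.key 0 now mandatory? And how do I generate ta.key?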
