maria-discuss team mailing list archive

[Sergei Golubchik <serg@xxxxxxxxxxx>]

Hi, Fabrizio!

On Jun 17, Fabrizio Gerardi wrote:
> Hi everyone,
> 
> I have problems with mariadb 10.3.15 in a centos 7 environment.
> 
> I configured mariadb to authenticate users via pam module while the
> system is a member of an active directory domain.
> 
> Everything works fine except that authentication process stops working
> after few hours.
> 
> Please note that only users authenticated via pam are facing this issue.
> Local users keep authenticating...
> 
> The moment I restart mariadb service everything works fine again.
> 
> Would you please confirm whether this issue is somewhat related with
> others I read will be fixed in next release (10.3.16) or not?

No, it doesn't look like something that 10.3.16 would fix.
There are no pam-related fixes in 10.3.16.

Do you have multiple concurrent users accessing MariaDB?

While I've never heard of the authentication process just stopping
working or anything related to the active directory pam modules,
we did have a case when MariaDB was crashing in some pam module that
used hardware tokens. It turned out that that particular pam module was
not multi-thread safe. Again, while I haven't heard anything like that
for active directory pam module or of that effect (authentication
stopping working), it's possible to be caused by the same thing.

in 10.4 we've reworked PAM plugin to not rely on the multi-thread safety
of OS pam modules.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx