← Back to team overview

maria-discuss team mailing list archive

pam / ldap auth



I installed mariadb using the stock debian packages, configured pam authentication, and configured a mysql pam module like this:

> /etc/pam.d/mysql
> auth      required       pam_winbind.so
> account   required       pam_winbind.so

As I also added the server to my AD domain, this basically gives my samba winbind users access to mysql using their windows credentials:

> root@mysqlserver:~# mysql -udomain_username -p
> Enter password: <windows_domain_password>
> Welcome to the MariaDB monitor.  Commands end with ; or \g.
> Your MariaDB connection id is 6
> Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
> Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
> Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
> MariaDB [(none)]>

So I was happy.

Initially. :-)

Until I found out this works only from the localhost mariadb is running on. Trying this from a remote mysql client gives:

> user@e7470 ~ $ mysql -udomain_user -p -h mysqlserver.full.address
> Enter password: ERROR 2059 (HY000): Authentication plugin 'dialog' cannot be loaded: /usr/lib/mysql/plugin/dialog.so: cannot open shared object file: No such file or directory

and searching on that remote server for /usr/lib/mysql/plugin/dialog.so gives no results:

> user@e7470 ~ $ dpkg --search /usr/lib/mysql/plugin/dialog.so
> dpkg-query: no path found matching pattern /usr/lib/mysql/plugin/dialog.so

Anyone here with a good suggestion how to make this work from a 'regular' remote mysql client?

But more fundamentally: is it possible to have mariadb ldap auth on a server, *without* requiring anything special on the client side?


Follow ups