maria-discuss team mailing list archive
Message #06071
sssd with authentication plugin pam
Hi, I'm having issues getting the pam plugin to work with Rocky Linux 8
(RHEL 8) with AppStream MariaDB 10.5. I've installed mariadb appstream for
10.5 and mariadb-pam packages.
Added the following to /etc/my.cnf.d:
[mariadb]
plugin_load_add = auth_pam
My sssd is joined to Active Directory. I've created /etc/pam.d/mariadb
trying both local pam_unix and pam_sss configurations:
# /etc/pam.d/mariadb for local accounts
auth required pam_unix.so audit
account required pam_unix.so audit
# /etc/pam.d/mariadb for sssd active directory accounts
auth required pam_sss.so
account required pam_sss.so
Tried creating local accounts with:
#CREATE USER 'user'@'%' IDENTIFIED VIA pam USING 'mariadb';
#GRANT SELECT ON db.* TO 'user'@'%' IDENTIFIED VIA pam;
#CREATE USER 'user2'@'%' IDENTIFIED VIA pam;
#GRANT SELECT ON db.* TO 'user2'@'%' IDENTIFIED VIA pam;
I've also tried creating AD accounts:
#CREATE USER 'aduser'@'%' IDENTIFIED VIA pam USING 'mariadb';
#GRANT SELECT ON db.* TO 'aduser'@'%' IDENTIFIED VIA pam;
#CREATE USER 'aduser@xxxxxxxxxxx'@'%' IDENTIFIED VIA pam USING 'mariadb';
#GRANT SELECT ON db.* TO 'aduser@xxxxxxxxxxx'@'%' IDENTIFIED VIA pam;
I see Red Hat has issues with MariaDB 10.3 working with the pam plugin, but it
sounded like 10.5 should work?
https://bugzilla.redhat.com/show_bug.cgi?id=1942330
I feel like I'm missing something in my /etc/sssd/sssd.conf file or some
pam configuration steps.
I'm using authselect with sssd:
authselect select custom/user-profile with-mkhomedir with-sudo with-pamaccess
All attempts to `mysql -u user -p` fail.
MariaDB [(none)]> show plugins;
| pam | ACTIVE | AUTHENTICATION | auth_pam.so | GPL |
I tried adding a [pam] section to sssd.
[pam]
pam_public_domains = all
pam_verbosity = 3
Didn't seem to help. I used realmd to join AD. Any help is much
appreciated.
mysql -u user -p
Enter password:
ERROR 1045 (28000): Access denied for user 'user'@'localhost' (using password: NO)