
userauthentification via mysql



msi
11-10-2003, 13:32
Hallo,

Ich versuche gerade, ein Userauthentifizierungssystem via MySQL zu machen, da es immer Probleme gibt, wenn mehrere User gleichzeitig ihre Passwörter ändern wollen (Wartezeit, bis der andere fertig ist).
Dazu habe ich libnss-mysql installiert und folgende Tabellen angelegt:



-- Group entries served through the NSS "group" map (nss-mysql.conf: groups.*).
-- NOTE(review): "groups" became a reserved word in MySQL 8.0.2 (GROUPS window
-- function); it works on the MySQL version used here but needs quoting after an upgrade.
CREATE TABLE groups (
    group_id       INT         NOT NULL AUTO_INCREMENT,
    group_name     VARCHAR(30) NOT NULL DEFAULT '',
    -- Nullable on purpose in the original; a NULL status never matches
    -- groups.where_clause (groups.status = 'A'), so such a group is invisible to NSS.
    status         CHAR(1)              DEFAULT 'A',
    -- 'x' is the conventional /etc/group placeholder for "no group password".
    group_password VARCHAR(64) NOT NULL DEFAULT 'x',
    gid            INT         NOT NULL,
    PRIMARY KEY (group_id)
);
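-- Account entries served through the NSS "passwd" map (nss-mysql.conf: users.*).
-- The passwd map is readable by every local process, so this table must never carry
-- real password hashes: the hash belongs in "shadow" only and "password" stays 'x'.
CREATE TABLE user (
    user_id   INT         NOT NULL AUTO_INCREMENT,
    user_name VARCHAR(50) NOT NULL DEFAULT '',
    realname  VARCHAR(32) NOT NULL DEFAULT '',
    shell     VARCHAR(20) NOT NULL DEFAULT '/bin/sh',
    -- Default changed from '' to 'x' (same placeholder as groups.group_password):
    -- 'x' tells PAM to take the hash from shadow, while an empty field is treated
    -- as "no password" by pam_unix when "nullok" is configured.
    password  VARCHAR(40) NOT NULL DEFAULT 'x',
    -- Only 'A' rows are served (users.where_clause = user.status = 'A');
    -- NOTE(review): 'N' presumably means "not active" -- confirm.
    status    CHAR(1)     NOT NULL DEFAULT 'N',
    uid       INT         NOT NULL,
    gid       INT         NOT NULL DEFAULT 65534,   -- Debian "nogroup"
    -- NOTE(review): '/bin/sh' as a *home directory* looks copied from the shell default;
    -- confirm the intended value before relying on it.
    homedir   VARCHAR(32) NOT NULL DEFAULT '/bin/sh',
    PRIMARY KEY (user_id),
    -- NSS resolves accounts by name (getpwnam) and by uid (getpwuid); both keys
    -- must be unique or a lookup returns an arbitrary one of the duplicates.
    UNIQUE KEY user_user_name_uniq (user_name),
    UNIQUE KEY user_uid_uniq (uid)
);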
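-- Membership junction for the NSS "group" map (nss-mysql.conf: groups.members_table,
-- joined on user_group.user_id / user_group.group_id).
CREATE TABLE user_group (
    user_id  INT NOT NULL DEFAULT 0,
    group_id INT NOT NULL DEFAULT 0,
    -- A membership is a set element: the original table had no key at all, so the
    -- same (user, group) pair could be inserted twice and show up twice in the member list.
    PRIMARY KEY (user_id, group_id)
);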
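-- Shadow entries served through the NSS "shadow" map (nss-mysql-root.conf: shadow.*).
-- Only this table may hold password hashes; the DB account named in the world-readable
-- nss-mysql.conf must not be granted SELECT on it.
CREATE TABLE shadow (
    user_id   INT          NOT NULL,
    -- Lookup key for getspnam() (shadow.user_column). It duplicates user.user_name,
    -- so the two must be kept in sync on rename.
    user_name VARCHAR(50)  NOT NULL DEFAULT '',
    -- crypt(3) hash; the sample data uses the $1$ (MD5-crypt) form. Newer PAM stacks
    -- support $6$ (SHA-512-crypt), which is the stronger choice where available.
    password  VARCHAR(150) NOT NULL DEFAULT '',
    PRIMARY KEY (user_id),
    UNIQUE KEY shadow_user_name_uniq (user_name)
    -- no trailing comma after the last definition: MySQL rejects "...,\n)"
);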


mein nsswitch.conf :

# Lookup order per map: local files first, then libnss-mysql.
passwd: files mysql
group: files mysql
# The mysql source for shadow reads /etc/nss-mysql-root.conf (see below); that file
# carries the credentials that can SELECT the hashes, so keep it readable by root only.
shadow: files mysql

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

# NOTE(review): nothing on this page shows NIS being set up; an unreachable NIS
# server makes netgroup lookups hang -- confirm it is actually in use.
netgroup: nis


meine /etc/nss-mysql.conf:


conf.version = 2;
# This file is read by every process that resolves users or groups, so it has to be
# world-readable. NOTE(review): db_user/db_password are identical to the ones in
# nss-mysql-root.conf, which means any local user can take them from here and query
# the shadow table directly. Use a separate DB account for this file, granted
# SELECT on user / groups / user_group only, and keep the shadow account out of it.
users.host = inet:localhost:3306;
users.database = nss;
users.db_user = nss;
users.db_password = temp;
users.table = user;
# Rows with status <> 'A' (or NULL) are invisible to NSS.
users.where_clause = user.status = 'A';
users.user_column = user.user_name;
# Returned as pw_passwd in the passwd map, i.e. readable by everyone. It should
# always be 'x'; the sample data below stores the real hash here as well as in shadow.
users.password_column = user.password;
users.userid_column = user.user_id;
users.uid_column = user.uid;
users.gid_column = user.gid;
users.realname_column = user.realname;
users.homedir_column = user.homedir;
users.shell_column = user.shell;
groups.group_info_table = groups;
groups.where_clause = groups.status = 'A';
groups.group_name_column = groups.group_name;
groups.groupid_column = groups.group_id;
groups.gid_column = groups.gid;
groups.password_column = groups.group_password;
# Membership is resolved through the user_group junction table.
groups.members_table = user_group;
groups.member_userid_column = user_group.user_id;
groups.member_groupid_column = user_group.group_id;


und zuletzt:


debian:/usr/share/doc/libnss-mysql/examples# cat /etc/nss-mysql-root.conf | grep ^[^#]
conf.version = 2;
# Same DB account and password as the world-readable nss-mysql.conf. NOTE(review):
# give the shadow lookups their own account and keep this file mode 0600, otherwise
# the separate root config protects nothing.
shadow.host = inet:localhost:3306;
shadow.database = nss;
shadow.db_user = nss;
shadow.db_password = temp;
shadow.table = shadow;
# NOTE(review): unlike users.where_clause (user.status = 'A') this is a bare string
# literal, not a predicate. MySQL evaluates WHERE 'A' as 0, i.e. false for every
# row, so even a successful query would return no shadow entry -- which would fit
# the "cannot retrieve authentication info" error. The shadow table has no status
# column to filter on; add one or drop the clause. The post also says mysql.log shows
# no query at all, so a config-parse or permission failure earlier on is possible too.
shadow.where_clause = 'A';
shadow.userid_column = shadow.user_id;
shadow.user_column = shadow.user_name;
shadow.password_column = shadow.password;
# NOTE(review): sp_lstchg in shadow(5) is days since 1970-01-01, while UNIX_TIMESTAMP()
# returns seconds -- confirm what libnss-mysql expects; as written the "last change"
# would lie far in the future.
shadow.lastchange_column = UNIX_TIMESTAMP()-10;
# If these map to sp_min/sp_max/sp_warn they are in days: max = 2 forces a password
# change every two days.
shadow.min_column = 1;
shadow.max_column = 2;
shadow.warn_column = 7;
shadow.inact_column = -1; # disabled
shadow.expire_column = -1; # disabled
debian:/usr/share/doc/libnss-mysql/examples#


Als root kann ich ohne Probleme per su ein anderer User werden:


debian:~# su guillaume
su: Authentication service cannot retrieve authentication info.
(Ignored)
debian:/root$

Wie man schon erkennen kann, funktioniert nur das mit dem Passwort nicht. Ich kann mich also weder mit Passwort anmelden noch das Passwort dieses Users ändern (id usw. funktioniert).

hier sind noch die eingetragenen sachen:


mysql> select * from user;
+---------+-----------+-----------------+---------------+------------------------------+--------+------+-----+-----------------+
| user_id | user_name | realname | shell | password | status | uid | gid | homedir |
+---------+-----------+-----------------+---------------+------------------------------+--------+------+-----+-----------------+
| 101 | guillaume | Guillaume Morin | /bin/bash | $1$pp$FiHzni87Pc3CeOaG24jZV/ | A | 1001 | 3 | /home/guillaume |
| 102 | linus | Linus Torvalds | /bin/bash | $1$pp$FiHzni87Pc3CeOaG24jZV/ | A | 1002 | 3 | /home/linus |
| 103 | alan | Alan Cox | /usr/bin/tcsh | $1$pp$FiHzni87Pc3CeOaG24jZV/ | N | 0 | 3 | /tmp |
| 104 | delancie | Steve Brown | /usr/bin/bash | $1$pp$FiHzni87Pc3CeOaG24jZV/ | A | 1501 | 3 | /delancie |
+---------+-----------+-----------------+---------------+------------------------------+--------+------+-----+-----------------+

mysql> select * from groups;
+----------+------------+--------+----------------+------+
| group_id | group_name | status | group_password | gid |
+----------+------------+--------+----------------+------+
| 1 | nssmysql | A | x | 2001 |
| 2 | mail | A | x | 2002 |
| 3 | users | A | x | 500 |
+----------+------------+--------+----------------+------+

mysql> select * from user_group;
+---------+----------+
| user_id | group_id |
+---------+----------+
| 101 | 1 |
| 101 | 2 |
| 104 | 1 |
+---------+----------+

mysql> select * from shadow;
+---------+-----------+------------------------------+
| user_id | user_name | password |
+---------+-----------+------------------------------+
| 101 | guillaume | $1$pp$FiHzni87Pc3CeOaG24jZV/ |
| 102 | linus | $1$pp$FiHzni87Pc3CeOaG24jZV/ |
| 103 | alan | $1$pp$FiHzni87Pc3CeOaG24jZV/ |
| 104 | delancie | $1$pp$FiHzni87Pc3CeOaG24jZV/ |
+---------+-----------+------------------------------+


Laut mysql.log wird nicht einmal auf die shadow-Tabelle zugegriffen (ein "access denied" kommt auch nicht).