Details
-
Type:
Technical task
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 10.0.19, 5.5.44
-
Fix Version/s: N/A
-
Component/s: Plugin - pam
-
Labels:
-
Environment:Linux
Description
Please state at the PAM Configuration section at
https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
to avoid using the pam_fprintd.so at the /etc/pam.conf , but instead an alternative would be to use pam_fprint.so
Root Cause MariaDB invokes the PAM plugin, which invokes libpam.so, that invokes pam_fprintd.so, here the crash occurs. A change in an errata seems to have changed the behaviour of the applications stack. pam_fprintd, where the crash occurred, is not now, nor has it even been multi-use thread-safe. The errata was delivered to fix issues with the old versions for the normal use case, this behaviour needed to be fixed. Fixing these cases did break the behaviour of the stack in use here with Mariadb (which uses pam_fprintd in multi-use/thread-safe contexts, while it is not safe for that use). So it was never garanted that pam_fprintd would work in multi-use/thread-safe. Now other scenarios were fixed in a way, which has this setup no longer working. To get pam_fprintd working in these multi-use/thread-safe contexts massive changes are required, to heavy for RHEL6. It is recommended to not use the PAM system from applications not running with root permissions.
Gliffy Diagrams
Attachments
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions