hormyajp / pam_sqlite3 Goto Github PK

Hi,
I was trying to implement an MD5 hashed password column and added the "pwd_type_column" variable with a column as explained.
I added the md5 password to the db and set the type to "md5" or "crypt". But unfortunately it has always used the default value which is "clear", as if the variable wouldnt been set.
Then I tried with the older "ledav-net/pam_sqlite" plugin and the "pw_type" variable. It worked now.

I assumed that something must be wrong with your newer version, so I added the older "pw_type" variable to the /etc/pam_sqlite3.conf. This also worked now!

So I guess there is either something wrong in your code or my setup is now fully broken from experimenting :D

Greetings
Robert

To be on pair with current, modern hash login standards
Thanks!

I've missed some (trivial but key) information in README to get this module working. Specifically:

*A suggested Sqlite3 table schema, for instance:
CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT NOT NULL, hasexpired TEXT DEFAULT "0", needsnewpassword TEXT DEFAULT "0");
INSERT INTO users (name, password) VALUES ("pepe","1234");

*Some tips about PAM configuration in /etc/pam.d/common-{auth,account,password} files in Ubuntu/Debian or /etc/pam.d/systemd-auth in Fedora. For instance, put auth sufficient pam_sqlite3.so instead of auth required pam_sqlite3.so before existing pam_unix.so line and, optionally, comment pam_unix.so line, etc

*It is worth adding this information: #4

*On the other hand, link http://cormander.com/blog/2008/04/pam_sqlite3-module-available/ is dead
and compilation has been tested (by me) in Ubuntu 18.04.1 and Fedora 29.

Thanks!

The test application produced by make test fails:

PAM started.
Authentication failed: Authentication failure
Access denied: Authentication failure
Changing authentication token...
Failed: Authentication token manipulation error

I get the impression it's not actually testing the module, but I don't know enough about it to diagnose the problem properly.

Hello.
I think a common project using https://github.com/agamez/libnss-sqlite3 would be a great idea to have a self-contained, unified solution to get rid of /etc/passwd, /etc/shadow, /etc/group in order to be able to login into a Linux system.
Thanks

I happen to not found the dependencies you need in the README section, if someone has the same isue there they are: libsqlite3-dev libpam0g-dev