Support » Installing WordPress » MariaDB authentication does not work when MariaDB is integrated with pam+ldap

  • Resolved rodrigorenie

    (@rodrigorenie)


    Hi everyone.

    I’ve setup wordpress on my page on a self hosted server with mariadb-10.3 and everything worked fine until I decided to integrate my mariadb installation with PAM (to authenticate using the user created locally on the server).

    The DB username is ‘casafamilia’ and what I did was to remove the current database user and add it again but now authenticating against PAM:

    
    MariaDB [(none)]> drop user casafamilia@localhost;
    Query OK, 0 rows affected (0.001 sec)
    
    MariaDB [(none)]> CREATE USER 'casafamilia'@'localhost' IDENTIFIED VIA pam;
    Query OK, 0 rows affected (0.001 sec)
    
    MariaDB [(none)]> GRANT ALL ON casafamilia.* TO casafamilia@localhost;
    Query OK, 0 rows affected (0.001 sec)
    

    On the command line, the user authenticates just fine:

    # mysql -u casafamilia -p casafamilia
    Enter password: 
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A
    
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 60
    Server version: 10.3.17-MariaDB MariaDB Server
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [casafamilia]>

    And I have also updated the wp-config.php with the correct password.

    When enabling de debug mode, the following message appears:

    Warning: mysqli_real_connect(): The server requested authentication method unknown to the client [dialog] in /var/www/casafamilia.org.br/wp-includes/wp-db.php on line 1612
    
    Warning: mysqli_real_connect(): (HY000/2054): The server requested authentication method unknown to the client in /var/www/casafamilia.org.br/wp-includes/wp-db.php on line 1612
    
    The server requested authentication method unknown to the client

    My guess is that the way WordPress authenticates users, specially considering it uses hash and salts to make it more secure, makes it incompatible with MariaDB+PAM.

    Any help would be much appreciated.

    • This topic was modified 7 months, 3 weeks ago by rodrigorenie.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • @rodrigorenie currently php can be accessed through libraries and through Mysqlnd you can only use it
    mysql_native_password (without plugin) https://mysqlserverteam.com/upgrading-to-mysql-8-0-default-authentication-plugin-considerations/.
    https://www.php.net/manual/en/mysqli.requirements.php

    I understand that newer MySQL (and MariaDB) version have changed the default authentication mechanism, but I don’t think that’s the case.

    If I created the user as described in this post, the user looks like this in the mysql database:

    
    [root@renie ~]# mysql -u root -p mysql
    Enter password: 
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A
    
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 76
    Server version: 10.3.17-MariaDB MariaDB Server
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [mysql]> select Host, User, Password, plugin from user where User = 'casafamilia';
    +-----------+-------------+----------+--------+
    | Host      | User        | Password | plugin |
    +-----------+-------------+----------+--------+
    | localhost | casafamilia |          | pam    |
    +-----------+-------------+----------+--------+
    1 row in set (0.001 sec)
    

    If I drop this user and create it again, but now not selecting the PAM module, the website works again:

    `
    MariaDB [mysql]> drop user casafamilia@localhost;
    Query OK, 0 rows affected (0.001 sec)

    MariaDB [mysql]> create user casafamilia@localhost identified by ‘<thepassword>’;
    Query OK, 0 rows affected (0.001 sec)

    MariaDB [mysql]> grant all on casafamilia.* to casafamilia@localhost;
    Query OK, 0 rows affected (0.001 sec)

    MariaDB [mysql]> select Host, User, Password, plugin from user where User = ‘casafamilia’;
    +———–+————-+——————————————-+——–+
    | Host | User | Password | plugin |
    +———–+————-+——————————————-+——–+
    | localhost | casafamilia | *8D1F8D2F46037C0132088E2A9DBCAF0268FA7360 | |
    +———–+————-+——————————————-+——–+
    1 row in set (0.001 sec)
    `

    Anyway, this is not a WordPress problem, but a PHP mysql implementation limitation, but I could not find a way to work around it.

    I’ve made a more generic post in Stack Overflow:

    https://stackoverflow.com/questions/58906232/php-cant-connect-to-mariadb-when-using-auth-pam-module-to-authenticate-databa

    The server requested authentication method unknown to the client

    the php client interfaces to the Mysqlnd C library (connector) which does not support other authentication methods besides the native one … I hope I have been clearer.
    For PHP 7.4 have support with caching_sha2_password (that is, besides the native method) https://github.com/php/php-src/commit/4f06e67ad2201390ed35a9ea6288a00c0b04782b#commitcomment-32356655

    Yes, thank you very much. Basically, I’m stuck with the native authentication method if I’m using PHP.

    There’s a solution, in the Stack Exchange link above, a user provided with a solution. Simply add:

    pam_use_cleartext_plugin = on

    in you MySQL/MariaDB [server] section and mysqli will connect successfully to the database.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘MariaDB authentication does not work when MariaDB is integrated with pam+ldap’ is closed to new replies.