目前,我们正在使用具有 ISO-8859-1 字符集的数据库客户端。Ubuntu 服务器正在使用 de_DE.utf8 运行。如果用户使用的用户名或密码包含 7 位 ASCII 以外的其他字符,我们就会遇到麻烦。
/etc/pam.d/informix
#
# Then PAM configuration file for the Shadow `informix' service
#
# More verbose
auth required pam_warn.so debug
# Environment
auth required pam_env.so readenv=1 envfile=/opt/IBM/informix/etc/locale user_readenv=0
# Disallows other than root logins when /etc/nologin exists
auth requisite pam_nologin.so
# Standard Un*x authentication.
@include common-auth
/opt/IBM/informix/etc/locale
LANG="de_DE"
LC_CTYPE="de_DE"
LC_ALL="de_DE"
但是 PAM 配置不起作用:
/var/log/auth.log(密码包含非 7 位 ASCII)
Jul 19 15:46:54 myhost oninit: pam_warn(informix:auth): function=[pam_sm_authenticate] service=[informix] terminal=[<unknown>] user=[myuser] ruser=[myuser] rhost=[myclient]
Jul 19 15:46:54 myhost oninit: [lsass-pam] [module:pam_lsass]pam_sm_authenticate error [login:myuser][error code:40067]
我还在 /opt/IBM/informix/etc/locale 中尝试了 LANG=de_DE.iso88591,但没有成功。哪里出了问题?
答案1
使用自行编写的 PAM 模块
.
.
/* Convert charset */
iso2utf((char*) pUsername, (char*) &szuser, sizeof(szuser));
iso2utf((char*) pPassword, (char*) &szpass, sizeof(szpass));
/* Setting pam items */
pam_set_item(pamh, PAM_USER, (char*) &szuser);
pam_set_item(pamh, PAM_AUTHTOK, (char*) &szpass);
.
.
它工作正常:
#
# Then PAM configuration file for the Shadow `informix' service
#
# Informix user + password conversion
auth sufficient informix_pam.so
# Disallows other than root logins when /etc/nologin exists
auth requisite pam_nologin.so
# LDAP authentication
auth required pam_lsass.so try_first_pass