Forum / Remote Desktop Manager - Feature Request

mariaDB datasource + pam_auth.so plugin

Good day,

I managed to set up a MariaDB Galera cluster and tried to use it as a data source for RDM.

Unfortunately I discovered that we cannot use users authenticated via the pam_auth plugin.
Only MariaDB local accounts work.

Attempting to use the account gives this error:
"Client does not support authentication protocol requested by server; consider upgrading MariaDB client"

But a test connection via HeidiSQL works, so I know that the user is set up properly.

This is a very important feature, as it would enable us to use domain accounts to authenticate and access RDM data.

Unfortunately the authentication_windows plugin is not an option, as it works only under Windows+MariaDB but we have Linux+MariaDB.

2 yrs

We will need to research to see if the pam_auth plugin is supported with the third party component we use to connect to MariaDB/MySQL.

I've assigned to a dev to investigate.

Best regards,

Stefane Lavergne

2 yrs

I'm not an expert in MariaDB or pam_auth.

I've researched but couldn't find anything definitive. If you know what an ADO.NET driver connection string with pam_auth looks like, you can use the Advanced Settings on the Advanced tab of the RDM data source configuration to set the missing property accordingly.

Here is the list of allowed connection string options: http://dev.mysql.com/doc/connector-net/en/connector-net-connection-options.html

If an option you want to use does not exist in the screen, simply double click on an existing option and rename it accordingly.

You could try updating the MySQL.Data.dll; you can download the latest version from here: https://dev.mysql.com/downloads/connector/net/
Open the zip and copy over the MySQL.Data.dll contained in the RDM folder.

Best regards,

Stefane Lavergne

2 yrs

Hi, Stefane

I tried the latest MySQL.Data.dll and it seems I narrowed down the issue.
Users who authenticate via PAM can have slightly different auth logic. There can be prompts for extra bits (e.g. two factor auth, etc.).

Here is what I got when I tried dll version 6.9.9:

MySql.Data.MySqlClient.MySqlException (0x80004005): Authentication method 'dialog' not supported by any of the available plugins.
   at MySql.Data.MySqlClient.Authentication.AuthenticationPluginManager.GetPlugin(String method)
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.GetPlugin(String method, NativeDriver driver, Byte[] authData)
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.HandleAuthChange(MySqlPacket packet)
   at MySql.Data.MySqlClient.Authentication.MySqlAuthenticationPlugin.Authenticate(Boolean reset)
   at MySql.Data.MySqlClient.NativeDriver.Authenticate(String authMethod, Boolean reset)
   at MySql.Data.MySqlClient.NativeDriver.Open()
   at MySql.Data.MySqlClient.Driver.Open()
   at MySql.Data.MySqlClient.Driver.Create(MySqlConnectionStringBuilder settings)
   at MySql.Data.MySqlClient.MySqlPool.CreateNewPooledConnection()
   at MySql.Data.MySqlClient.MySqlPool.GetPooledConnection()
   at MySql.Data.MySqlClient.MySqlPool.TryToGetDriver()
   at MySql.Data.MySqlClient.MySqlPool.GetConnection()
   at MySql.Data.MySqlClient.MySqlConnection.Open()
   at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseConnectionDataSource.GetData(String sql, IDbDataParameter[] parameters)
   at Devolutions.RemoteDesktopManager.Business.DataSources.MySQLConnectionDataSource.GetDataSourceSettings()
   at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.c29fbd34504079a3525ca4c390d5d4074(BaseConnectionDataSource cf40b69955d088020784eb92737f0a505)

2 yrs
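
The step that fails in the trace above (HandleAuthChange, then GetPlugin), sketched as an added example that is not code from this thread, from RDM or from Connector/NET: the server sends an AuthSwitchRequest naming the "dialog" plugin and the client has no implementation registered for it. The packet bytes, function names and plugin sets are constructed for illustration; the TLS check is included because the dialog client plugin sends the password itself rather than a hash.

```python
class UnsupportedAuthPlugin(Exception):
    """Server asked for a plugin the client has no implementation of."""

# Plugins whose client half sends the password itself, not a hash of it.
CLEARTEXT_PLUGINS = {"dialog", "mysql_clear_password"}

def parse_packet(buf):
    """Split one MySQL/MariaDB wire packet into (sequence_id, payload)."""
    if len(buf) < 4:
        raise ValueError("truncated packet header")
    length = int.from_bytes(buf[:3], "little")   # 3-byte little-endian length
    payload = buf[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    return buf[3], payload

def parse_auth_switch(payload):
    """AuthSwitchRequest: 0xFE, NUL-terminated plugin name, plugin data."""
    if not payload or payload[0] != 0xFE:
        raise ValueError("not an AuthSwitchRequest")
    name, sep, data = payload[1:].partition(b"\x00")
    if not sep:
        raise ValueError("plugin name is not NUL-terminated")
    return name.decode("ascii"), data

def handle_auth_switch(packet, client_plugins, tls_active):
    """Return (plugin, data) if the client may continue, else raise."""
    _seq, payload = parse_packet(packet)
    plugin, data = parse_auth_switch(payload)
    if plugin not in client_plugins:
        raise UnsupportedAuthPlugin(
            f"Authentication method '{plugin}' not supported by any of the available plugins.")
    if plugin in CLEARTEXT_PLUGINS and not tls_active:
        raise PermissionError(f"'{plugin}' would send the password unencrypted; require TLS")
    return plugin, data   # data is plugin-specific and left opaque here

def build_sample():
    # Constructed sample: sequence id 2, plugin "dialog", made-up prompt bytes.
    payload = b"\xfe" + b"dialog\x00" + b"\x04Password: "
    return len(payload).to_bytes(3, "little") + bytes([2]) + payload

SAMPLE = build_sample()

if __name__ == "__main__":
    try:
        handle_auth_switch(SAMPLE, {"mysql_native_password"}, tls_active=True)
    except UnsupportedAuthPlugin as exc:
        print("client without dialog:", exc)
    print(handle_auth_switch(SAMPLE, {"mysql_native_password", "dialog"}, tls_active=True))
```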

Just checked that HeidiSQL has a separate plugin, dialog.dll.
I guess that is used to handle the authentication process.

And we can check in the code what it really does.

Official MariaDB connector for C:
https://mariadb.com/my_portal/download/connector-c/2.3

2 yrs

It looks like we would need to wrap the C/C++ library with our own .NET implementation using this guide.

http://dev.mysql.com/doc/connector-net/en/connector-net-programming-authentication-user-plugin.html

Not a trivial task we would need to investigate.

Stefane Lavergne

2 yrs

Sounds good
We can ignore this bit for now.

As soon as there is a version to test please let me know.

I think everyone will benefit from this option.

Karlis

2 yrs