[2239] in linux-security and linux-alert archive
[linux-security] OFFTOPIC Re: How can I Authenticate via MySQL
daemon@ATHENA.MIT.EDU (Carlo Marcelo Arenas Belon)
Sun Oct 24 16:51:51 1999
Date: Sun, 24 Oct 1999 10:38:20 -0500 (PET)
From: Carlo Marcelo Arenas Belon <carenas@chasqui.lared.net.pe>
To: mfischer@josefine.ben.tuwien.ac.at
cc: Horms <horms@vergenet.net>,
Seyyed Hamid Reza Hashemi Golpayegani <hamid@morva.net>,
linux-security@redhat.com, recipient list not shown: ;
In-Reply-To: <19991024102553.A18338@josefine.ben.tuwien.ac.at>
Message-ID: <Pine.LNX.4.10.9910241025090.1145-100000@chasqui.lared.net.pe>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
> On Sat, Oct 23, 1999 at 04:52:19PM -0700, Horms wrote :
> > On Sat, Oct 23, 1999 at 03:09:41PM +0330, Seyyed Hamid Reza Hashemi Golpayegani wrote:
> > > I want to set up my Redhat 6.0 Linux machine to Authenticate username and
> > > password and other information for user that received from /etc/passwd &
> > > /etc/shadow from MySQL server
> >
> > Glibc supports arbitary databases for things like passwd, group and
> > shadow, through the nss mechanism.
>
> Correct me If I'm wrong, but shouldn't this task be done
> by PAM ? And AFAIK there exists allready an PAM module which does
> basic mysql authentication, try searching for pam_mysql.tgz.
actually you can use both of them, to make your user Authentication work
against a mysql server.
using PAM you can make your Authentication Server, really modular, i mean,
you could check you user/password on a mysql server, for your pop3, and
imap server but use the normal nss_map for console login or telnet
(usually /etc/passwd, /etc/group, /etc/shadow, but could be also a NIS
domain or any other "nss" directory servive)
there is a PAM module ready AFAIK (http://www.midnightklinux.com/mysql), i
don't know if there is any nss_mysql service.., but i would'n suggest to
use one (what if your mysql server can't start, and you can't even get a
root login into your box to fix it up)
if you want to go the "nss" way, you could be using nss_ldap
(http://www.padl.com/nss_ldap.html), and making you ldap server use your
mysql server as a repository.
HTH
Carlo
PS. i really don't thing this thread could be on this list, as this is a
"security" list not a development one
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
