percona-pam-for-mysql

Merge lp:~hrvojem/percona-pam-for-mysql/bug907483 into lp:percona-pam-for-mysql

  1. bug907483
  2. Merge into percona-pam-for-mysql
Proposed by Hrvoje Matijakovic
Status: Merged
Approved by: Laurynas Biveinis
Approved revision: 18
Merged at revision: 18
Proposed branch: lp:~hrvojem/percona-pam-for-mysql/bug907483
Merge into: lp:percona-pam-for-mysql
Diff against target: 33 lines (+14/-2)
2 files modified
doc/source/faq.rst (+13/-1)
doc/source/installation.rst (+1/-1)
To merge this branch: bzr merge lp:~hrvojem/percona-pam-for-mysql/bug907483
Reviewer Review Type Date Requested Status
Laurynas Biveinis (community) Approve
Review via email: mp+90426@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

It's better to suggest shadow group config first if possible, and leave running mysqld under root for testing only/as a last resort.

review: Needs Fixing
Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

LGTM, thank you.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'doc/source/faq.rst'
--- doc/source/faq.rst 2011-11-14 04:05:18 +0000
+++ doc/source/faq.rst 2012-01-27 14:12:25 +0000
@@ -27,4 +27,16 @@
27Can I use the PAM plugin to authenticate against /etc/shadow?27Can I use the PAM plugin to authenticate against /etc/shadow?
28=============================================================28=============================================================
2929
30Yes, but you will need to run mysqld as root so that the PAM libraries such as 'pam_unix.so` can access /etc/shadow.30Yes, you need to add the mysql user to the shadow group. Because PAM libraries, such as 'pam_unix.so', need to access /etc/shadow.
31
32For example this is how you can do it in *Ubuntu*: ::
33
34 root@lucid64:/var/lib/mysql# getent group shadow
35 shadow:x:42:mysql
36
37 root@lucid64:/var/lib/mysql# ls -alhs /etc/shadow
38 4.0K -rw-r----- 1 root shadow 912 Dec 21 10:39 /etc/shadow
39
40After you restart mysqld for changes to take effect, pam_unix authentication will work.
41
42The other option is to run mysqld as root. This should be used for testing only or as a last resort method.
3143
=== modified file 'doc/source/installation.rst'
--- doc/source/installation.rst 2011-11-14 04:05:18 +0000
+++ doc/source/installation.rst 2012-01-27 14:12:25 +0000
@@ -42,7 +42,7 @@
4242
43Most packages should do this for you, so this is likely only required with the binary tarballs.43Most packages should do this for you, so this is likely only required with the binary tarballs.
4444
45 In order to load the plugin into the working server, issue the following command: ::45In order to load the plugin into the working server, issue the following command: ::
4646
47 mysql> INSTALL PLUGIN auth_pam_server SONAME 'auth_pam.so';47 mysql> INSTALL PLUGIN auth_pam_server SONAME 'auth_pam.so';
4848

Subscribers

People subscribed via source and target branches