percona-pam-for-mysql

Merge lp:~hrvojem/percona-pam-for-mysql/bug907483 into lp:percona-pam-for-mysql

  1. bug907483
  2. Merge into percona-pam-for-mysql
Proposed by Hrvoje Matijakovic
Status: Merged
Approved by: Laurynas Biveinis
Approved revision: 18
Merged at revision: 18
Proposed branch: lp:~hrvojem/percona-pam-for-mysql/bug907483
Merge into: lp:percona-pam-for-mysql
Diff against target: 33 lines (+14/-2)
2 files modified
doc/source/faq.rst (+13/-1)
doc/source/installation.rst (+1/-1)
To merge this branch: bzr merge lp:~hrvojem/percona-pam-for-mysql/bug907483
Reviewer Review Type Date Requested Status
Laurynas Biveinis (community) Approve
Review via email: mp+90426@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

It's better to suggest shadow group config first if possible, and leave running mysqld under root for testing only/as a last resort.

review: Needs Fixing
Revision history for this message
Laurynas Biveinis (laurynas-biveinis) wrote :

LGTM, thank you.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'doc/source/faq.rst'
2--- doc/source/faq.rst 2011-11-14 04:05:18 +0000
3+++ doc/source/faq.rst 2012-01-27 14:12:25 +0000
4@@ -27,4 +27,16 @@
5 Can I use the PAM plugin to authenticate against /etc/shadow?
6 =============================================================
7
8-Yes, but you will need to run mysqld as root so that the PAM libraries such as 'pam_unix.so` can access /etc/shadow.
9+Yes, you need to add the mysql user to the shadow group. Because PAM libraries, such as 'pam_unix.so', need to access /etc/shadow.
10+
11+For example this is how you can do it in *Ubuntu*: ::
12+
13+ root@lucid64:/var/lib/mysql# getent group shadow
14+ shadow:x:42:mysql
15+
16+ root@lucid64:/var/lib/mysql# ls -alhs /etc/shadow
17+ 4.0K -rw-r----- 1 root shadow 912 Dec 21 10:39 /etc/shadow
18+
19+After you restart mysqld for changes to take effect, pam_unix authentication will work.
20+
21+The other option is to run mysqld as root. This should be used for testing only or as a last resort method.
22
23=== modified file 'doc/source/installation.rst'
24--- doc/source/installation.rst 2011-11-14 04:05:18 +0000
25+++ doc/source/installation.rst 2012-01-27 14:12:25 +0000
26@@ -42,7 +42,7 @@
27
28 Most packages should do this for you, so this is likely only required with the binary tarballs.
29
30- In order to load the plugin into the working server, issue the following command: ::
31+In order to load the plugin into the working server, issue the following command: ::
32
33 mysql> INSTALL PLUGIN auth_pam_server SONAME 'auth_pam.so';
34

Subscribers

People subscribed via source and target branches