Merge lp:~hrvojem/percona-server/ps-25 into lp:percona-server/5.5

Proposed by Hrvoje Matijakovic
Status: Merged
Approved by: Laurynas Biveinis
Approved revision: no longer in the source branch.
Merged at revision: 425
Proposed branch: lp:~hrvojem/percona-server/ps-25
Merge into: lp:percona-server/5.5
Diff against target: 123 lines (+80/-3)
4 files modified
doc/source/index.rst (+1/-0)
doc/source/installation.rst (+6/-2)
doc/source/management/pam_plugin.rst (+72/-0)
doc/source/release-notes/Percona-Server-5.5.24-26.0.rst (+1/-1)
To merge this branch: bzr merge lp:~hrvojem/percona-server/ps-25
Reviewer: Laurynas Biveinis (community)
Review status: Approve
Review via email: mp+146069@code.launchpad.net
Laurynas Biveinis (laurynas-biveinis) wrote :

   I am not sure if -DHAVE_PAM=O for FreeBSD should be used in
   addition to the other options or instead of them?

   Line 34: "it's been built" doesn't sound right to me but I'm not
   sure why. "it is built with the server by default" perhaps?
   Articles:
   In case the build environment
   in case the plugin isn't needed

review: Needs Fixing
Laurynas Biveinis (laurynas-biveinis) :
review: Approve

Preview Diff

1=== modified file 'doc/source/index.rst'
2--- doc/source/index.rst 2013-01-30 10:01:50 +0000
3+++ doc/source/index.rst 2013-02-06 10:29:23 +0000
4@@ -129,6 +129,7 @@
5 management/secure_file_priv_extended
6 management/expanded_program_option_modifiers
7 management/changed_page_tracking
8+ management/pam_plugin
9
10 Diagnostics Improvements
11 ========================
12
13=== modified file 'doc/source/installation.rst'
14--- doc/source/installation.rst 2012-12-14 09:58:23 +0000
15+++ doc/source/installation.rst 2013-02-06 10:29:23 +0000
16@@ -134,8 +134,8 @@
17 The ``libmysqlclient-dev`` package contains header files needed to
18 compile software to use the client library.
19
20-The ``libmysqlclient16`` package contains the client shared
21-library. The ``16`` is a reference to the version of the shared
22+The ``libmysqlclient18`` package contains the client shared
23+library. The ``18`` is a reference to the version of the shared
24 library. The version is incremented when there is a ABI change that
25 requires software using the client library to be recompiled or their
26 source code modified.
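Review bot: The unchanged sentence at line 24 reads "when there is a ABI change" and should be "an ABI change"; since lines 22-23 of the same paragraph are being edited, fix it in this change. Line 22 renames the package to ``libmysqlclient18``, so also confirm that no other mention of ``libmysqlclient16`` is left in installation.rst, because this hunk is the only place the diff updates it.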
27@@ -201,3 +201,7 @@
28 $ cmake . -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_CONFIG=mysql_release -DFEATURE_SET=community -DWITH_EMBEDDED_SERVER=OFF
29 $ make
30 $ make install
31+
32+.. note::
33+
34+ :ref:`pam_plugin` has been merged into |Percona Server| in :rn:`5.5.24-26.0` but it is not built with the server by default. In order to build the Percona Server with PAM plugin, additional option :option:`-DWITH_PAM=ON` should be used.
35
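Review bot: The note at line 34 names ``-DWITH_PAM=ON`` but does not say where the option goes; the cmake invocation is directly above at line 28, so state that the option is appended to that command line. The same sentence uses the ``|Percona Server|`` substitution once and plain "the Percona Server" once; use the substitution in both places.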
36=== added file 'doc/source/management/pam_plugin.rst'
37--- doc/source/management/pam_plugin.rst 1970-01-01 00:00:00 +0000
38+++ doc/source/management/pam_plugin.rst 2013-02-06 10:29:23 +0000
39@@ -0,0 +1,72 @@
40+.. _pam_plugin:
41+
42+===========================
43+ PAM Authentication Plugin
44+===========================
45+
46+Percona PAM Authentication Plugin is a free and Open Source implementation of the |MySQL|'s authentication plugin. This plugin acts as a mediator between the |MySQL| server, the |MySQL| client, and the PAM stack. The server plugin requests authentication from the PAM stack, forwards any requests and messages from the PAM stack over the wire to the client (in cleartext) and reads back any replies for the PAM stack.
47+
48+ PAM plugin uses dialog as its client side plugin. Dialog plugin can be loaded to any client application that uses :file:`libmysqlclient` library.
49+
50+Here are some of the benefits that Percona dialog plugin offers over the default one:
51+
52+ * It correctly recognizes whether PAM wants input to be echoed or not, while the default one always echoes the input on the user's console.
53+ * It can use the password which is passed to |MySQL| client via "-p" parameter.
54+ * Dialog client `installation bug <http://bugs.mysql.com/bug.php?id=60745>`_ has been fixed.
55+ * This plugin works on |MySQL| and |Percona Server|.
56+
57+Percona offers two versions of this plugin:
58+
59+ * Full PAM plugin called *auth_pam*. This plugin uses *dialog.so*. It fully supports the PAM protocol with arbitrary communication between client and server.
60+ * Oracle-compatible PAM called *auth_pam_compat*. This plugin uses *mysql_clear_password* which is a part of Oracle MySQL client. It also has some limitations, such as, it supports only one password input. You must use ``-p`` option in order to pass the password to *auth_pam_compat*.
61+
62+These two versions of plugins are physically different. To choose which one you want used, you must use *IDENTIFIED WITH 'auth_pam'* for auth_pam, and *IDENTIFIED WITH 'auth_pam_compat'* for auth_pam_compat.
63+
64+Installation
65+============
66+
67+This plugin requires manual installation because it isn't installed by default. ::
68+
69+ mysql> INSTALL PLUGIN auth_pam SONAME 'auth_pam.so';
70+
71+After the plugin has been installed it should be present in the plugins list. To check if the plugin has been correctly installed and active ::
72+
73+ mysql> SHOW PLUGINS;
74+ ...
75+ ...
76+ | auth_pam | ACTIVE | AUTHENTICATION | auth_pam.so | GPL |
77+
78+Configuration
79+=============
80+
81+In order to use the plugin, authentication method should be configured. Simple setup can be to use the standard UNIX authentication method (``pam_unix``).
82+
83+.. note::
84+
85+ To use ``pam_unix``, mysql will need to be added to the shadow group in order to have enough privileges to read the /etc/shadow.
86+
87+A sample `/etc/pam.d/mysqld` file: ::
88+
89+ auth required pam_unix.so
90+ account required pam_unix.so
91+
92+For added information in the system log, you can expand it to be: ::
93+
94+ auth required pam_warn.so
95+ auth required pam_unix.so audit
96+ account required pam_unix.so audit
97+
98+Creating a user
99+================
100+
101+After the PAM plugin has been configured, users can be created with the PAM plugin as authentication method ::
102+
103+ mysql> CREATE USER 'newuser'@'localhost' IDENTIFIED WITH auth_pam;
104+
105+This will create a user ``newuser`` that can connect from ``localhost`` who will be authenticated using the PAM plugin. If the ``pam_unix`` method is being used user will need to exist on the system.
106+
107+Version Specific Information
108+============================
109+
110+ * :rn:`5.5.24-26.0`
111+ PAM authentication plugin has been integrated with |Percona Server|.
112
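Review bot: Line 46 says PAM requests and replies are forwarded between server and client in cleartext, and line 60 says *auth_pam_compat* relies on *mysql_clear_password*, but the page gives the reader no guidance on what to do about that. Add a note after the plugin descriptions recommending that accounts created with ``IDENTIFIED WITH auth_pam`` or ``auth_pam_compat`` connect over SSL or a local socket, since the password is otherwise readable on the network. The note at line 85 should also state the consequence of adding mysql to the shadow group: the server's OS account can then read every password hash in /etc/shadow. Finally, the Installation section shows ``INSTALL PLUGIN`` only for auth_pam (line 69) although line 62 says the two plugins are physically different; the equivalent statement for auth_pam_compat is missing.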
113=== modified file 'doc/source/release-notes/Percona-Server-5.5.24-26.0.rst'
114--- doc/source/release-notes/Percona-Server-5.5.24-26.0.rst 2012-09-18 05:04:43 +0000
115+++ doc/source/release-notes/Percona-Server-5.5.24-26.0.rst 2013-02-06 10:29:23 +0000
116@@ -11,7 +11,7 @@
117 Features
118 ========
119
120- * Percona PAM authentication plugin has now been integrated into the |Percona Server|.
121+ * Percona :ref:`pam_plugin` has now been integrated into the |Percona Server|.
122
123 * |Percona Server| has implemented variable :variable:`enforce_storage_engine` which can be used for enforcing the use of a specific storage engine.
124
