Re: [Nss-mysql-users] auth failing with non-priv users

[Geist, Dan (CCI-Atlanta)]

Hmm, looks like changing the UNIX_TIMESTAMP allowed things to work
(using ssh, for example, I can now login with mysql-only users), but I
didn't know that password changing was not allowed via nss. Perhaps I'll
need to use something like pam_mysql for that to be seamless with system
password tools.

In any case, it seems odd that the password hash is in shadow format,
and is stored in mysql, but you can't use any mysql tools to generate a
hash of that type... i.e. you must generate a password outside then
write it to mysql in its raw form...

If I use pam_mysql, how would I disable the authentication portion of
nss_mysql and only use it for other user info and group lookups?

Thanks.
Dan

On Thu, 2002-07-11 at 05:28, Guillaume Morin wrote:

Hi Dan,

Dans un message du 10 jui à 14:18, Geist, Dan (CCI-Atlanta) écrivait :

> address@hidden dgeist]$ passwd dan
> passwd: Only root can specify a username

You cannot change your nss-mysql users password with passwd. NSS is just
a method of lookup, it does *not* handle changing information. You'll
have to write a shell script or something for that.

> Oh, I do have:
> shadow.lastchange_column = user.lastchange;
> in the nss-mysql-root.conf file and that row in the table is an
int(16)
> with default 0. Don't know if that matters...

Hmm, 0 is too low. This field should be an unix timestamp, so that means
that you changed the password in 1970, that may seem too old for your
system. Try replacing "user.lastchange" by "UNIX_TIMESTAMP()-10". If it
works, fix your database.

> I have a feeling that the password hash algoritm is incorrect, but
> that's not substantiated. Any ideas?

If you've pasted the hash from /etc/shadow, it should work flawlessly.

-- 
Dan Geist | address@hidden | 404.269.6822
Security Engineer(lmot) | Cox Communications Inc.