[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nss-mysql-users] auth failing with non-priv users

From: Jason Clifford
Subject: Re: [Nss-mysql-users] auth failing with non-priv users
Date: Fri, 12 Jul 2002 10:46:50 +0100 (BST)

On Thu, 11 Jul 2002, Geist, Dan (CCI-Atlanta) wrote:

> Hmm, looks like changing the UNIX_TIMESTAMP allowed things to work
> (using ssh, for example, I can now login with mysql-only users), but I
> didn't know that password changing was not allowed via nss. Perhaps I'll
> need to use something like pam_mysql for that to be seamless with system
> password tools.

why not just write a small perl or whatever script to update the passwd in 
the database?

It is very simple.

> In any case, it seems odd that the password hash is in shadow format,
> and is stored in mysql, but you can't use any mysql tools to generate a
> hash of that type... i.e. you must generate a password outside then
> write it to mysql in its raw form...

Yes and that is very easy. Use the system crypt function with a salt in 
the form "'$1$' . (8 x random chars)"

> If I use pam_mysql, how would I disable the authentication portion of
> nss_mysql and only use it for other user info and group lookups?

Not necessary, you'd simply have to use pam aware applications and ensure 
that the pam config for them specifies pam_mysql instead of the standard 
system authentication modules.

Jason Clifford
UKPOST.COM                         get your @ukpost.com address now...

reply via email to

[Prev in Thread] Current Thread [Next in Thread]