[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nss-mysql-users] auth failing with non-priv users
From: |
Jason Clifford |
Subject: |
Re: [Nss-mysql-users] auth failing with non-priv users |
Date: |
Fri, 12 Jul 2002 10:46:50 +0100 (BST) |
On Thu, 11 Jul 2002, Geist, Dan (CCI-Atlanta) wrote:
> Hmm, looks like changing the UNIX_TIMESTAMP allowed things to work
> (using ssh, for example, I can now login with mysql-only users), but I
> didn't know that password changing was not allowed via nss. Perhaps I'll
> need to use something like pam_mysql for that to be seamless with system
> password tools.
why not just write a small perl or whatever script to update the passwd in
the database?
It is very simple.
> In any case, it seems odd that the password hash is in shadow format,
> and is stored in mysql, but you can't use any mysql tools to generate a
> hash of that type... i.e. you must generate a password outside then
> write it to mysql in its raw form...
Yes and that is very easy. Use the system crypt function with a salt in
the form "'$1$' . (8 x random chars)"
> If I use pam_mysql, how would I disable the authentication portion of
> nss_mysql and only use it for other user info and group lookups?
Not necessary, you'd simply have to use pam aware applications and ensure
that the pam config for them specifies pam_mysql instead of the standard
system authentication modules.
Jason Clifford
--
UKPOST.COM get your @ukpost.com address now...
http://www.ukpost.com/