OFFTOPIC [linux-security] Re: How can I Authenticate via MySQL?

[Carlo Marcelo Arenas Belon <carenas chasqui lared net pe>]

> On Sat, Oct 23, 1999 at 04:52:19PM -0700, Horms wrote : 
> > On Sat, Oct 23, 1999 at 03:09:41PM +0330, Seyyed Hamid Reza Hashemi Golpayegani wrote:
> > > I want to set up my Redhat 6.0 Linux machine to Authenticate username and
> > > password and other information for user that received from /etc/passwd &
> > > /etc/shadow from MySQL server
> > 
> > Glibc supports arbitary databases for things like passwd, group and
> > shadow, through the nss mechanism.
> 
> 	Correct me If I'm wrong, but shouldn't this task be done
> by PAM ? And AFAIK there exists allready an PAM module which does
> basic mysql authentication, try searching for pam_mysql.tgz.

actually you can use both of them, to make your user Authentication work
against a mysql server.

using PAM you can make your Authentication Server, really modular, i mean,
you could check you user/password on a mysql server, for your pop3, and
imap server but use the normal nss_map for console login or telnet
(usually /etc/passwd, /etc/group, /etc/shadow, but could be also a NIS
domain or any other "nss" directory servive)

there is a PAM module ready AFAIK (http://www.midnightklinux.com/mysql), i
don't know if there is any nss_mysql service.., but i would'n suggest to
use one (what if your mysql server can't start, and you can't even get a
root login into your box to fix it up)

if you want to go the "nss" way, you could be using nss_ldap
(http://www.padl.com/nss_ldap.html), and making you ldap server use your
mysql server as a repository.

HTH

Carlo

PS. i really don't thing this thread could be on this list, as this is a
"security" list not a development one