1 |
On Fri, 9 Sep 2005, Paul Kölle wrote: |
2 |
|
3 |
> It's pretty straightforward. libnss-mysql configuration file takes a SQL |
4 |
> query for each get*() call, so there are no constraints for the db |
5 |
> schema. Examples are in /usr/share/doc after installing the package. |
6 |
> What I haven't figured out yet: Calls to NSS are made in the context of |
7 |
> the user running e.g. "id", so if you use a socket connection to mysql |
8 |
> you need to allow *every* user to read from the socket. I haven't |
9 |
> investigated the implications in terms of security yet. |
10 |
|
11 |
If you look at the MySQL privileges for the libnss-mysql user (as set in |
12 |
/etc/libnss-mysql.cfg) you will see that only SELECT priv is granted for |
13 |
that user. (Granted, that might be a problem too ;-) |
14 |
|
15 |
|
16 |
-- |
17 |
|
18 |
-- |
19 |
gentoo-server@g.o mailing list |