| 1 |
On Fri, 9 Sep 2005, Paul Kölle wrote: |
| 2 |
|
| 3 |
> It's pretty straightforward. libnss-mysql configuration file takes a SQL |
| 4 |
> query for each get*() call, so there are no constraints for the db |
| 5 |
> schema. Examples are in /usr/share/doc after installing the package. |
| 6 |
> What I haven't figured out yet: Calls to NSS are made in the context of |
| 7 |
> the user running e.g. "id", so if you use a socket connection to mysql |
| 8 |
> you need to allow *every* user to read from the socket. I haven't |
| 9 |
> investigated the implications in terms of security yet. |
| 10 |
|
| 11 |
If you look at the MySQL privileges for the libnss-mysql user (as set in |
| 12 |
/etc/libnss-mysql.cfg) you will see that only SELECT priv is granted for |
| 13 |
that user. (Granted, that might be a problem too ;-) |
| 14 |
|
| 15 |
|
| 16 |
-- |
| 17 |
|
| 18 |
-- |
| 19 |
gentoo-server@g.o mailing list |
Archives