Hi folks,

As per subject really...

I have to set up some new MySQL servers.

Is there a way to have a subset of user@% accounts auth against the system's
PAM service, in the same way Postgresql can?

(This is not to be confused with have the system's PAM setup auth users
against a MySQL database!)

Failing PAM, does LDAP exist as an option?

Many thanks in advance,

Tim
--
Tim Watts

Tim Watts <tw (AT) dionic (DOT) net> wrote:
I am not 100% aware which is "the PostgreSQL way". But MySQL 5.5
introduces pluggable authentication [1]. And while a PAM-plugin
is not released yet, it is work in progress. Also any third party
can now write plugins to authenticate against arbitrate directory
services. It seems Percona is working on it [2].

[1] http://dev.mysql.com/doc/refman/5.5/...ntication.html
[2] http://www.google.com/search?&q=mysql+pam+auth+plugin


XL

Axel Schwenke wrote:

Brilliant - thank you for that Axel.

If I can find or write a PAM module, that would make it worth building my
own MySQL deb or pulling from debian's experimental repo.

BTW, the Postgres way is that roles (or roles of roles) can be declared to
authenticate using one of trust, identd, local-db, pam, ldap or gssapi.

This is a great solution if you have a bunch of roles that are used in
scripts/webapps (use local db auth) but you also have several hundred real
users and you want to not have to maintain local DB passwords for them.

--
Tim Watts