From: "A. Khattri"
To: gentoo-server@lists.gentoo.org
Date: Wed, 21 Sep 2005 12:28:15 -0400 (EDT)
Subject: Re: [gentoo-server] Virtual ssh users

On Fri, 9 Sep 2005, Paul Kölle wrote:

> It's pretty straightforward. libnss-mysql configuration file takes a SQL
> query for each get*() call, so there are no constraints for the db
> schema. Examples are in /usr/share/doc after installing the package.
> What I haven't figured out yet: Calls to NSS are made in the context of
> the user running e.g. "id", so if you use a socket connection to mysql
> you need to allow *every* user to read from the socket. I haven't
> investigated the implications in terms of security yet.

If you look at the MySQL privileges for the libnss-mysql user (as set in
/etc/libnss-mysql.cfg) you will see that only SELECT priv is granted for
that user. (Granted, that might be a problem too ;-)

--
gentoo-server@gentoo.org mailing list
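
A check for the point made in this reply, as an added example that is not part of the original thread: it parses SHOW GRANTS output for the libnss-mysql account and reports anything beyond SELECT, plus any SELECT that is not limited to named columns. The account name 'nss', the database 'auth', the column names and the sample lines are constructed assumptions.

```python
import re

# Constructed SHOW GRANTS output for a hypothetical 'nss'@'localhost' account
# and 'auth' database (names are assumptions, not taken from the thread).
SAMPLE_GOOD = [
    "GRANT USAGE ON *.* TO 'nss'@'localhost'",
    "GRANT SELECT (username, uid, gid, homedir, shell) ON `auth`.`users` TO 'nss'@'localhost'",
]
SAMPLE_BAD = [
    "GRANT USAGE ON *.* TO 'nss'@'localhost'",
    "GRANT SELECT, UPDATE ON `auth`.* TO 'nss'@'localhost' WITH GRANT OPTION",
]

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<rest>.+)$", re.I)

def split_privs(privs):
    """Split 'SELECT (a, b), UPDATE' on top-level commas only."""
    parts, depth, cur = [], 0, ""
    for ch in privs:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    parts.append(cur.strip())
    return parts

def audit_grants(lines):
    """Return findings for an account that should hold SELECT only."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            findings.append(f"unparsed line: {line}")
            continue
        for priv in split_privs(m["privs"]):
            name = priv.split("(")[0].strip().upper()
            if name == "USAGE":          # USAGE means "no privileges"
                continue
            if name != "SELECT":
                findings.append(f"{name} on {m['scope']}: more than SELECT")
            elif "(" not in priv:        # SELECT without a column list
                findings.append(f"SELECT on {m['scope']}: not column-limited")
        if "WITH GRANT OPTION" in m["rest"].upper():
            findings.append(f"GRANT OPTION on {m['scope']}")
    return findings

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_BAD):
        print(finding)
```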