summaryrefslogtreecommitdiff
path: root/libraries/nss-mysql/README
diff options
context:
space:
mode:
Diffstat (limited to 'libraries/nss-mysql/README')
-rw-r--r--libraries/nss-mysql/README41
1 files changed, 41 insertions, 0 deletions
diff --git a/libraries/nss-mysql/README b/libraries/nss-mysql/README
new file mode 100644
index 0000000000..9f48ffb1d5
--- /dev/null
+++ b/libraries/nss-mysql/README
@@ -0,0 +1,41 @@
+The NSS-MySQL name service switch library
+
+libnss_mysql retrieves user account information from a MySQL database server.
+Per default stored in /etc/{group,passwd,shadow} on Unix-like systems. Which
+(partly) is similar in functionality to NIS, LDAP, RADIUS, Hesoid, winbindd
+
+When used over a remote-network uttermost care should be taken in the security
+of this (such as TLS/SSL encripting the connection) and even then storing any
+valid password for such 'virtual' users is probably a bad idee in itself.
+
+Kerberos provides for far superior single-sign-on autentication system (the
+'shadow' part in these kinds of systems) both in performance and security.
+
+On to the good stuff :-)
+To get this working (locally) login to the database server, presuming that
+it is running; otherwise read /etc/rc.d/rc.mysqld first; to make the DB:
+
+# mysql -uroot -p
+> CREATE DATABASE nss_mysql;
+
+After this is done it has to be populated with the user tables; there is
+an example for them is provided in /usr/doc/nss-mysql-<version>/sample.sql
+
+You can copy that to say /tmp , (probably) edit it some and insert it with:
+
+# mysql -uroot -p -D nss_mysql < /tmp/sample.sql
+
+After this is done create the 'nss' and 'nss-shadow' database users with
+statements such as the ones found in /usr/doc/nss-mysql-<version>/SHADOW
+And make sure the passwords for them in /etc/nss-{mysql,mysql-root}.conf
+are the same ...
+
+Now edit your /etc/nsswitch.conf to look like the -mysql and try the commands
+
+getent passwd
+getent shadow
+
+Which should list the users pulled from mysql!
+( Otherwise have a look at 'tail /var/log/syslog' - for hints to fix it).
+
+-Menno.