PAM

MySQL

  • pam = authorization
  • nss = assignment of account attributes (homedir, expire, uid, etc.)
apt-get install libpam-mysql libnss-mysql

SQL

DROP TABLE IF EXISTS groups;

CREATE TABLE groups (
  group_id int(11) NOT NULL auto_increment primary key,
  group_name varchar(30) DEFAULT '' NOT NULL,
  status char(1) DEFAULT 'A',
  group_password varchar(64) DEFAULT 'x' NOT NULL,
  gid int(11) NOT NULL
);

INSERT INTO groups VALUES (1,'users','A','x',100);

DROP TABLE IF EXISTS user;

CREATE TABLE user (
  user_id int(11) NOT NULL auto_increment primary key,
  user_name varchar(50) DEFAULT '' NOT NULL,
  realname varchar(32) DEFAULT '' NOT NULL,
  shell varchar(20) DEFAULT '/bin/sh' NOT NULL,
  password varchar(40) DEFAULT '' NOT NULL,
  status char(1) DEFAULT 'N' NOT NULL,
  uid int(11) NOT NULL,
  gid int(11) DEFAULT '65534' NOT NULL,
  homedir varchar(32) DEFAULT '/bin/sh' NOT NULL,
  lastchange varchar(50) NOT NULL default '',
  min int(11) NOT NULL default '0',
  max int(11) NOT NULL default '0',
  warn int(11) NOT NULL default '7',
  inact int(11) NOT NULL default '-1',
  expire int(11) NOT NULL default '-1'
);

DROP TABLE IF EXISTS user_group;

CREATE TABLE user_group (
  user_id int(11) DEFAULT '0' NOT NULL,
  group_id int(11) DEFAULT '0' NOT NULL
);

GRANT select(user_name,user_id,uid,gid,realname,shell,homedir,status) on user to nss@localhost identified by 'ieopurASDF';
GRANT select(group_name,group_id,gid,group_password,status) on groups to nss@localhost identified by 'ieopurASDF';
GRANT select(user_id,group_id) on user_group to nss@localhost identified by 'ieopurASDF';
GRANT select(user_name,password,user_id,uid,gid,realname,shell,homedir,status,lastchange,min,max,warn,inact,expire) on user to 'nss-shadow'@localhost identified by 'ruASDFDER';
GRANT update(user_name,password,user_id,uid,gid,realname,shell,homedir,status,lastchange,min,max,warn,inact,expire) on user to 'nss-shadow'@localhost identified by 'ruASDFDER';
FLUSH PRIVILEGES;

If we also want logging, add this table:

CREATE TABLE `log` (
 `msg` varchar(50) NOT NULL default '',
 `user` varchar(50) NOT NULL default '',
 `pid` int(11) NOT NULL default '0',
 `host` varchar(100) NOT NULL default '',
 `time` datetime NOT NULL default '0000-00-00 00:00:00'
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

Edit /etc/nsswitch.conf: add mysql after passwd, group and shadow, like this:

passwd:	compat mysql
group:	compat mysql
shadow:	compat mysql

and change the password in the files

/etc/nss-mysql.conf
/etc/nss-mysql-root.conf

readable only by root:

chmod 600 /etc/nss-mysql-root.conf

and finally edit the files in /etc/pam.d (add the given lines at the top, above the per-package modules)

for production deployment, remove the logging options and verbose=1

common-password

password    sufficient      pam_mysql.so nullok verbose=1 user=root \
  passwd=spc29 db=nss table=user usercolumn=user_name passwdcolumn=password \
  crypt=3 md5=true \
  sqllog=true logtable=log logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logtimecolumn=time

common-auth

auth    sufficient        pam_mysql.so user=root verbose=1 \
  passwd=spc29 db=nss table=user usercolumn=user_name passwdcolumn=password \
  statcolumn=status crypt=3 md5=true sqllog=true logtable=log logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logtimecolumn=time
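As an added example (not code from the original page), a Python helper that produces the rows this schema needs for a new account, so that what gets inserted matches what the pam_mysql lines above compare against. It assumes that crypt=3 makes pam_mysql compare the password column against the unsalted hex MD5 of the typed password, that the shadow aging columns hold days since the Unix epoch as in /etc/shadow, and that status 'A' marks an active row as in the groups example; the user and group names are made up.

```python
import hashlib
import re
from datetime import date

# Assumption: pam_mysql with crypt=3 compares the password column against the
# unsalted hex MD5 of the typed password (32 chars, fitting varchar(40)).
# Equal passwords therefore produce equal stored values; keep that in mind
# when auditing the table.
def md5_hex_password(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Assumption: lastchange/min/max/... hold days since the Unix epoch, as in /etc/shadow.
def days_since_epoch(d: date) -> int:
    return (d - date(1970, 1, 1)).days


_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def new_user_statements(user_name, realname, password, uid,
                        gid=100, group_id=1, shell="/bin/sh", today=None):
    """Return (sql, params) pairs that add one active user to the schema above.

    Uses %s placeholders (MySQLdb/PyMySQL paramstyle) so values are never
    interpolated into the SQL text. Raises ValueError rather than emit a row
    that would collide with a local system account or break name rules.
    """
    if not _NAME_RE.match(user_name):
        raise ValueError(f"invalid user name: {user_name!r}")
    if uid < 1000:
        raise ValueError("uid below 1000 is reserved for local system accounts")
    lastchange = str(days_since_epoch(today or date.today()))
    user_row = (user_name, realname, shell, md5_hex_password(password), "A",
                uid, gid, f"/home/{user_name}", lastchange, 0, 99999, 7, -1, -1)
    return [
        ("INSERT INTO user (user_name, realname, shell, password, status, uid, gid,"
         " homedir, lastchange, min, max, warn, inact, expire)"
         " VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
         user_row),
        # Membership row for the 'users' group (group_id 1 on this page).
        ("INSERT INTO user_group (user_id, group_id)"
         " SELECT user_id, %s FROM user WHERE user_name = %s",
         (group_id, user_name)),
    ]


if __name__ == "__main__":
    for sql, params in new_user_statements("alice", "Alice Example", "password", 1001):
        print(sql, params)
```

Run the returned pairs through a DB-API cursor's execute() as the 'nss-shadow' user, which the GRANTs above give update rights on the user table (an INSERT grant would be needed as well).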

Sources:

linux/pam.txt · Last modified: 26.04.2011 23:42 by: wladik
