On Thursday 05 Nov 2015 13:49:26 Alex Peshkoff wrote:
> On 11/04/2015 11:45 AM, Paul Reeves wrote:
> > So the question is this - can the authentication method be switched
> > between
> > srp and legacy without modifiying security3.fdb?
>
> Paul, switching authentication method does not require modification of
> security3.fdb - only firebird.conf.
That is good to know. Although as I mentioned in my reply to Mark yesterday, I
think it will be best if the installer doesn't get involved with this if it
detects an existing security3.fdb.
> Parameter UserManager in it sets plugin used to work with security database.
> If more than one plugin is given, first plugin from the list is used by
> default when changing user and all that plugins are used to list users in
> sec$users pseudo table.
This is something that I haven't fully understood in the Release Notes. If I
understand correctly the first plugin is the only one used for authentication.
I originally thought that the server would go through the list one by one
until it found a plugin that worked.
The only time the list is used is when querying the sec$users table.
I think this distinction needs to be made clearer.
> Using SQL to manage users you may choose non-default plugin from the
> list of available with "USING PLUGIN name" clause in create/alter/drop
> user statement.
Yes, I know this is in the release notes, but I haven't yet started to do
anything at that level. I've just been working on getting the security
database correctly initialised for SRP and legacy auth. But if I understand
correctly if we have this setting for UserManager:
UserManager = srp, legacy_auth
we can then use this to add SYSDBA for legacy_auth:
isql> create user SYSDBA password 'SomethingCryptic'
using plugin legacy_auth;
instead of the old method of calling gsec. (Which is how the installer is
currently set up for RC1).
Paul
--
Paul Reeves
http://www.ibphoenix.com
Supporting users of Firebird
------------------------------------------------------------------------------
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
