Alexander Bokovoy writes:

> On ti, 31 loka 2017, Gordon Messmer via FreeIPA-users wrote:
>> On 10/31/2017 03:44 PM, Andrew Meyer via FreeIPA-users wrote:
>>> I've been following this website:
>>> FreeIPA: Giving permissions to service accounts. — Firstyear's 
>>> blog-a-log 
>>> <>
>> None of that is particularly relevant unless you're specifically
>> supporting MSCHAPv2 authentication.

... which you shouldn't do because it's broken:

>>The easiest solution for authenticating MySQL using FreeIPA is 
>>probably to join the MySQL server to the IPA domain and then use PAM 
> If you are using MariaDB instead of MySQL, it is possible to configure
> GSSAPI (Kerberos) to authenticate. You'd still need to create users in
> MariaDB database first so that it knows these are valid ones:

For interest: GSSAPI encryption is forthcoming, but stalled on mariadb
growing a proper plugin API.


Attachment: signature.asc
Description: PGP signature

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to