Alexander Bokovoy writes: > On ti, 31 loka 2017, Gordon Messmer via FreeIPA-users wrote: >> On 10/31/2017 03:44 PM, Andrew Meyer via FreeIPA-users wrote: >> >>> I've been following this website: >>> FreeIPA: Giving permissions to service accounts. — Firstyear's >>> blog-a-log >>> <http://firstyear.id.au/blog/html/2015/07/06/FreeIPA:_Giving_permissions_to_service_accounts..html> >> >> None of that is particularly relevant unless you're specifically >> supporting MSCHAPv2 authentication.
... which you shouldn't do because it's broken: https://www.schneier.com/blog/archives/2012/08/breaking_micros.html >>The easiest solution for authenticating MySQL using FreeIPA is >>probably to join the MySQL server to the IPA domain and then use PAM >>authentication: >> >>https://dev.mysql.com/doc/refman/5.5/en/pam-pluggable-authentication.html > > If you are using MariaDB instead of MySQL, it is possible to configure > GSSAPI (Kerberos) to authenticate. You'd still need to create users in > MariaDB database first so that it knows these are valid ones: > https://mariadb.com/kb/en/library/authentication-plugin-gssapi/ For interest: GSSAPI encryption is forthcoming, but stalled on mariadb growing a proper plugin API. Thanks, --Robbie
Description: PGP signature
_______________________________________________ FreeIPA-users mailing list -- email@example.com To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org