On Fri, 9 Sep 2005, Paul Kölle wrote: > It's pretty straightforward. libnss-mysql configuration file takes a SQL > query for each get*() call, so there are no constraints for the db > schema. Examples are in /usr/share/doc after installing the package. > What I haven't figured out yet: Calls to NSS are made in the context of > the user running e.g. "id", so if you use a socket connection to mysql > you need to allow *every* user to read from the socket. I haven't > investigated the implications in terms of security yet.
If you look at the MySQL privileges for the libnss-mysql user (as set in /etc/libnss-mysql.cfg) you will see that only SELECT priv is granted for that user. (Granted, that might be a problem too ;-) -- -- [email protected] mailing list
