Details
- Type: Task
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 2.2.19, 2.3.2
- Component/s: Authenticator, Documentation
- Labels: None
- Sprint: MXS-SPRINT-74
Description
Based on the query in the commit for MXS-1716, PAM authenticators will only actually use PAM accounts that meet certain conditions.
https://github.com/mariadb-corporation/MaxScale/commit/aa260cf6cf5a91682fa6176f70d3c55263cec57e
PAM authenticators will use an account if:
- It uses the PAM plugin for authentication (plugin=pam in mysql.user).
And if:
- It has global SELECT privileges;
- Or it has some database-level privilege;
- Or it has some table-level privilege.
This should probably be documented:
https://mariadb.com/kb/en/mariadb-maxscale-23-pam-authenticator/
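
An added audit query (not the query from the MaxScale commit, and not part of the original issue) that an administrator could run on the backend server to see which PAM accounts satisfy the conditions listed above and which do not. It assumes that a matching row in mysql.db or mysql.tables_priv means the account holds some privilege at that level.

```sql
-- Added example: list every PAM account and whether it meets the
-- conditions described in this issue. Uses only the standard MariaDB
-- grant tables; the exact matching done by MaxScale may differ.
SELECT a.user,
       a.host,
       a.has_global_select,
       a.has_db_level_priv,
       a.has_table_level_priv,
       (a.has_global_select
        OR a.has_db_level_priv
        OR a.has_table_level_priv) AS meets_conditions
FROM (
    SELECT u.user,
           u.host,
           -- Global SELECT privilege
           (u.Select_priv = 'Y') AS has_global_select,
           -- Assumption: any row in mysql.db counts as a database-level privilege
           EXISTS (SELECT 1
                   FROM mysql.db d
                   WHERE d.user = u.user
                     AND d.host = u.host) AS has_db_level_priv,
           -- Assumption: any row in mysql.tables_priv counts as a table-level privilege
           EXISTS (SELECT 1
                   FROM mysql.tables_priv t
                   WHERE t.user = u.user
                     AND t.host = u.host) AS has_table_level_priv
    FROM mysql.user u
    -- Only accounts that authenticate through the PAM plugin
    WHERE u.plugin = 'pam'
) AS a
-- Accounts that fail the conditions sort first
ORDER BY meets_conditions, a.user, a.host;
```

Rows with meets_conditions = 0 are PAM accounts that exist on the server but do not meet the conditions described in this issue.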