[MXS-2267] Document which accounts PAM authenticators will actually use - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.19, 2.3.2
Fix Version/s: 2.2.20, 2.3.4
Component/s: Authenticator, Documentation
Labels:
None

Sprint:
MXS-SPRINT-74

Description

Based on the query in the commit for ~~MXS-1716~~, PAM authenticators will only actually use PAM accounts that meet certain conditions.

https://github.com/mariadb-corporation/MaxScale/commit/aa260cf6cf5a91682fa6176f70d3c55263cec57e

PAM authenticators will use an account if:

It uses the PAM plugin for authentication (plugin=pam in mysql.user).

And if:

It has global SELECT privileges;
Or it has some database-level privilege;
Or it some table-level privilege.

This should probably be documented:

https://mariadb.com/kb/en/mariadb-maxscale-23-pam-authenticator/

Attachments

Issue Links

relates to

MXS-2269 Document user and group mapping support for PAM authenticators

Closed

MXS-334 Enable Pam.d Support

Closed

MXS-1716 "show dbusers ...service..." returns empty list when using PAMAuth

Closed

MXS-2294 Document how to configure user and group mapping for PAM authenticators

Closed

Activity

People

Assignee:: Esa Korhonen

Reporter:: Geoff Montee

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2019-01-16 18:21

Updated:: 2020-08-25 16:58

Resolved:: 2019-01-28 12:01

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.