-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 2.3.3
-
Fix Version/s: 2.3.5
-
Component/s: Authenticator
-
Labels:None
-
Sprint:MXS-SPRINT-75, MXS-SPRINT-76
The query in PamInstance::query_anon_proxy_user and PamClientSession::get_pam_user_services specifically checks for the ''@'%' anonymous user:
const char ANON_USER_QUERY[] = "SELECT authentication_string FROM mysql.user WHERE "
|
"(plugin = 'pam' AND user = '' AND host = '%');";
|
Is it possible to make user and group mapping work with a more specific host than '%'? Some users do not like to create accounts that can authenticate from literally any host, since it opens up the possibility of things like brute force attacks.
- relates to
-
MXS-2293 Monitor fails PAM authentication with error: Plugin dialog could not be loaded
-
- Closed
-
-
MXS-2294 Document how to configure user and group mapping for PAM authenticators
-
- Closed
-
-
MXS-334 Enable Pam.d Support
-
- Closed
-
-
MXS-1758 Support PAM group mapping, like MariaDB Server does
-
- Closed
-
-
MXS-2269 Document user and group mapping support for PAM authenticators
-
- Closed
-