
Tenhlf's blog

 
 
 


 
 

pam_mysql documentation

2009-08-17 16:53:35 | Category: Linux


http://pam-mysql.sourceforge.net

Introduction

This is a successor of the "old" pam_mysql module, which comes with a more stable, secure and robust implementation.

Prerequisites

To try this module, you need the following:

  • A *NIX system on which the PAM facility is set up and working, either system-wide or in a chroot jail.
  • A MySQL server, up and running.

Available options

The module options are listed below with defaults in parentheses:

verbose (0)

If set to 1, produce logs with detailed messages that describe what pam-mysql is doing. May be useful for debugging.

user

The user name used to open the specified MySQL database.

passwd

The password used to open the specified MySQL database.

host

The host name or absolute path to the unix socket where the MySQL server is listening. The following formats are accepted:

  1. absolute path to the unix socket (e.g. /tmp/mysql.sock)
  2. host name (e.g. somewhere.example.com)
  3. host name + port number (e.g. somewhere.example.com:3306)

db

The name of the database that contains a user-password table.

table

The name of the table that maps unique login names to the passwords. This can be a combination of tables with full JOIN syntax if you need more control. For example:

[table=Host LEFT JOIN HostUser ON HostUser.host_id=Host.id \
LEFT JOIN User ON HostUser.user_id=User.id]

update_table

The name of the table used for password alteration. If not defined, the value of the "table" option will be used instead. This is handy if you have a complex JOIN instead of a simple table in the "table" option above.

usercolumn

The name of the column that contains a unix login name field. Should be in a fully qualified form.

passwdcolumn

The name of the column that contains an (encrypted) password string. Should be in a fully qualified form.

statcolumn

The name of the column that indicates the status of the user. Should be in a fully qualified form.

crypt (0)

Specifies the method to encrypt the user's password:

  • 0 (or "plain") = No encryption. Passwords stored in plaintext. HIGHLY DISCOURAGED.
  • 1 (or "Y") = Use crypt(3) function
  • 2 (or "mysql") = Use MySQL PASSWORD() function. It is possible that the encryption function used by pam-mysql is different from that of the MySQL server, as pam-mysql uses the function defined in MySQL's C-client API instead of using PASSWORD() SQL function in the query.
  • 3 (or "md5") = Use MySQL MD5() function

md5 (false)

If set to "true", use MD5 by default for crypt(3) hash. Only meaningful when crypt is set to "Y".

where

Specifies additional criteria for the query. For example:

[where=Host.name="web" AND User.active=1]

sqllog

If set to either "true" or "yes", SQL logging is enabled.

logtable

The name of the table to which logs are written.

logmsgcolumn

The name of the column in the log table in which the description of the log entry is stored.

logusercolumn

The name of the column in the log table in which the name of the user being authenticated is stored.

logpidcolumn

The name of the column in the log table in which the pid of the process using pam_mysql's authentication service is stored.

loghostcolumn

The name of the column in the log table in which the hostname of the machine where the authentication is performed is stored.

logtimecolumn

The name of the column in the log table in which the timestamp of the log entry is stored.

config_file (note: available in 0.7, not in 0.6!)

Path to an NSS-MySQL style configuration file that lists the options one per line. Acceptable option names and their counterparts in PAM-MySQL are listed below:

Name                     Counterpart
-----------------------  -------------
users.host               host
users.database           db
users.db_user            user
users.db_passwd          passwd
users.where_clause       host
users.table              table
users.update_table       update_table
users.user_column        usercolumn
users.password_column    passwdcolumn
users.status_column      statcolumn
users.password_crypt     crypt
users.use_md5            md5
users.where_clause       where
verbose                  verbose
log.enabled              sqllog
log.table                logtable
log.message_column       logmsgcolumn
log.pid_column           logpidcolumn
log.user_column          logusercolumn
log.host_column          loghostcolumn
log.time_column          logtimecolumn
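
An added example (not from the pam_mysql project or the original post): a small Python auditor that parses a PAM service line loading pam_mysql.so, including the bracketed [where=...] and [table=...] argument form shown above, and flags the crypt, md5 and passwd settings described on this page. The sample lines and every name and credential in them are constructed; an escaped \] inside a bracketed argument is assumed not to occur.

```python
import re

# crypt= values documented on this page, normalised to their numeric form.
CRYPT = {"0": "0", "plain": "0", "1": "1", "y": "1",
         "2": "2", "mysql": "2", "3": "3", "md5": "3"}

# Constructed sample lines (user, password, database and table names are made up).
SAMPLES = [
    "auth required pam_mysql.so user=pam passwd=s3cret db=auth table=User "
    "usercolumn=User.login passwdcolumn=User.pw [where=User.active=1]",
    "auth required pam_mysql.so user=pam db=auth table=User crypt=Y md5=true",
    "auth required pam_mysql.so user=pam db=auth table=User crypt=md5 md5=true",
]

def parse_pam_args(line):
    """Return pam_mysql options from one PAM line (a [bracketed] argument may
    contain spaces), or None if the line loads another module."""
    line = line.replace("\\\n", " ")          # join backslash-continued lines
    _, found, rest = line.partition("pam_mysql.so")
    if not found:
        return None
    opts = {}
    for bracketed, plain in re.findall(r"\[([^\]]*)\]|(\S+)", rest):
        key, _, value = (bracketed or plain).partition("=")
        if key.strip():
            opts[key.strip()] = value.strip()
    return opts

def audit(line):
    """Return findings for one line; an empty list means nothing was flagged."""
    opts = parse_pam_args(line)
    if opts is None:
        return []
    findings = []
    raw = opts.get("crypt", "0")              # documented default is 0
    mode = CRYPT.get(raw.lower())
    if mode is None:
        findings.append(f"crypt={raw} is not a documented value")
    elif mode == "0":
        how = "explicitly" if "crypt" in opts else "by default (crypt omitted)"
        findings.append(f"passwords are stored and compared in plaintext {how}")
    elif mode == "2":
        findings.append("crypt=mysql: client-library hash may differ from the server's PASSWORD()")
    elif mode == "3":
        findings.append("crypt=md5: MySQL MD5() is an unsalted digest")
    if "md5" in opts and mode != "1":
        findings.append("md5= is only meaningful when crypt is Y")
    if "passwd" in opts:
        findings.append("database password is inline; restrict who can read this file")
    return findings
```

Calling audit() on each entry of SAMPLES shows the first line flagged twice (plaintext by default, inline password), the second clean, and the third flagged for MD5() and a meaningless md5= option.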