ok, i installed libnss-mysql and i can login via ssh and ftp as a user whois data is stored in the mysql database i created for such purpose. so it is a working config. however, i try to login for mail, and it doesn't like it. i use cyrus imap/postfix. in the past, i've used libpam-mysql for those, but i like libnss-mysql so that i can manage all users for my entire system via custom web control panels in one sweet spot.
now, i can use libpam-mysql to use data in the mysql database that is also used for libnss-mysql, and that would seem to be fine, but here is the thing i found out. if i cut the encrypted password from the mysql field and paste into the /etc/shadow file, adding a line for the user in that, it works with the mail too. so it seems it has a problem with where to go to get the shadow password. now, i don't mind for some users passwd to be completely in the mysql database, that's ok with me, no shadow file needed. so, is there a solution to apply to this problem without using libpam-mysql for my mail server? should i post my config files? i mean, they are just the basic config files that came when i apt-get'd the prog. or is this a no-can-do? impossible without libpam?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yeah, I believe cyrus is set up such that it tried to get password information as a non-root user - e.g. it can't access shadow information. Your solution would simply be to change the getpw* routines to ask for the 'password' column instead of "'x'" and then modify the MySQL tables to allow nss-user access to that column. Let me know if you need a hand with that.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
ok, i installed libnss-mysql and i can login via ssh and ftp as a user whois data is stored in the mysql database i created for such purpose. so it is a working config. however, i try to login for mail, and it doesn't like it. i use cyrus imap/postfix. in the past, i've used libpam-mysql for those, but i like libnss-mysql so that i can manage all users for my entire system via custom web control panels in one sweet spot.
now, i can use libpam-mysql to use data in the mysql database that is also used for libnss-mysql, and that would seem to be fine, but here is the thing i found out. if i cut the encrypted password from the mysql field and paste into the /etc/shadow file, adding a line for the user in that, it works with the mail too. so it seems it has a problem with where to go to get the shadow password. now, i don't mind for some users passwd to be completely in the mysql database, that's ok with me, no shadow file needed. so, is there a solution to apply to this problem without using libpam-mysql for my mail server? should i post my config files? i mean, they are just the basic config files that came when i apt-get'd the prog. or is this a no-can-do? impossible without libpam?
Yeah, I believe cyrus is set up such that it tried to get password information as a non-root user - e.g. it can't access shadow information. Your solution would simply be to change the getpw* routines to ask for the 'password' column instead of "'x'" and then modify the MySQL tables to allow nss-user access to that column. Let me know if you need a hand with that.