First of all, I'm still pretty green when it comes to how pam works, so maybe (probably?) I'm doing something very stupid.
I'm trying to get pam-mysql set up to validate POP3 users (qpopper). I've got it so that it works - but I find I still need the userid in the /etc/passwd file. It's not using the system password - authentication is using the one in the mysql table. But it seems I still need an entry in /etc/passwd.
I do have Exim working fine and authorizing users to send mail from the MySQL tables, and it is authorizing users to send email correctly.
How can I get around this? The whole idea is to be able to manage the email users through mysql only, and not have to have a system account for each user.
TIA.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Jerry,
Welcome. Well, it sounds like you have the pam_mysql working if users are access so long as they are listed in the passwd file. This is a common mistake... pam_mysql only works with pam which only does authentication. In order for your users in mysql to be available along side the users listed in your files, you will additionally need nss_mysql which is a separate project. The nss_mysql can be configured to provide usernames, group id, and user id to the system and will work with pam_mysql to authorize the user.
To make a long story short... ;-) [too late]
...for what your attempting to do, you will now need to setup nss_mysql also.
As a side point, I usually like to point to the fact that nss_mysql has a shadow option which would allow passwords to be stored in mysql and is similar to pam_mysql. But where I like to differentiate it is that nss shadow support is for all services (like the /etc/passwd and /etc/shadow files are). I personally like to use the pam_mysql for password authentication so I can create custom queries for different services. (i.e. User X can use ftp and ssh; User Y can only ftp; etc.)
Hope that helps. -Cheers, Peter.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi, all,
First of all, I'm still pretty green when it comes to how pam works, so maybe (probably?) I'm doing something very stupid.
I'm trying to get pam-mysql set up to validate POP3 users (qpopper). I've got it so that it works - but I find I still need the userid in the /etc/passwd file. It's not using the system password - authentication is using the one in the mysql table. But it seems I still need an entry in /etc/passwd.
I do have Exim working fine and authorizing users to send mail from the MySQL tables, and it is authorizing users to send email correctly.
How can I get around this? The whole idea is to be able to manage the email users through mysql only, and not have to have a system account for each user.
TIA.
Jerry,
Welcome. Well, it sounds like you have the pam_mysql working if users are access so long as they are listed in the passwd file. This is a common mistake... pam_mysql only works with pam which only does authentication. In order for your users in mysql to be available along side the users listed in your files, you will additionally need nss_mysql which is a separate project. The nss_mysql can be configured to provide usernames, group id, and user id to the system and will work with pam_mysql to authorize the user.
To make a long story short... ;-) [too late]
...for what your attempting to do, you will now need to setup nss_mysql also.
As a side point, I usually like to point to the fact that nss_mysql has a shadow option which would allow passwords to be stored in mysql and is similar to pam_mysql. But where I like to differentiate it is that nss shadow support is for all services (like the /etc/passwd and /etc/shadow files are). I personally like to use the pam_mysql for password authentication so I can create custom queries for different services. (i.e. User X can use ftp and ssh; User Y can only ftp; etc.)
Hope that helps. -Cheers, Peter.
Thanks, Peter. I'll check out nss_mysql.