mirror of
https://github.com/MariaDB/server.git
synced 2025-10-31 02:46:29 +01:00
115 lines
3 KiB
Text
115 lines
3 KiB
Text
install plugin pam soname 'auth_pam.so';
|
|
create user test_pam identified via pam using 'mariadb_mtr';
|
|
grant all on test.* to test_pam;
|
|
create user pam_test;
|
|
grant all on test.* to pam_test;
|
|
grant proxy on pam_test to test_pam;
|
|
#
|
|
# authentication is successful, challenge/pin are ok
|
|
# note that current_user() differs from user()
|
|
#
|
|
Challenge input first.
|
|
Enter: *************************
|
|
Now, the magic number!
|
|
PIN: 9225
|
|
select user(), current_user(), database();
|
|
user() current_user() database()
|
|
test_pam@localhost pam_test@% test
|
|
#
|
|
# authentication is unsuccessful
|
|
#
|
|
Challenge input first.
|
|
Enter: *************************
|
|
Now, the magic number!
|
|
PIN: 9224
|
|
#
|
|
# authentication is unsuccessful
|
|
#
|
|
Challenge input first.
|
|
Enter: ****************
|
|
Now, the magic number!
|
|
PIN: 616
|
|
#
|
|
# authentication is successful
|
|
#
|
|
Now, the magic number!
|
|
PIN: 9212
|
|
select user(), current_user(), database();
|
|
user() current_user() database()
|
|
test_pam@localhost pam_test@% test
|
|
#
|
|
# authentication is unsuccessful
|
|
#
|
|
Now, the magic number!
|
|
PIN: 9212
|
|
#
|
|
# MDEV-26339 Account specifics to be handled before proxying
|
|
#
|
|
alter user pam_test account lock;
|
|
alter user pam_test require subject 'foobar';
|
|
alter user pam_test password expire;
|
|
Now, the magic number!
|
|
PIN: 9212
|
|
select user(), current_user(), database();
|
|
user() current_user() database()
|
|
test_pam@localhost pam_test@% test
|
|
alter user pam_test account unlock;
|
|
alter user pam_test require none;
|
|
alter user pam_test identified by '';
|
|
show create user pam_test;
|
|
CREATE USER for pam_test@%
|
|
CREATE USER `pam_test`@`%`
|
|
alter user test_pam account lock;
|
|
Now, the magic number!
|
|
PIN: 9212
|
|
alter user test_pam account unlock;
|
|
alter user test_pam require subject 'foobar';
|
|
Now, the magic number!
|
|
PIN: 9212
|
|
alter user test_pam require none;
|
|
alter user test_pam password expire;
|
|
Now, the magic number!
|
|
PIN: 9212
|
|
select user(), current_user(), database();
|
|
drop user test_pam;
|
|
drop user pam_test;
|
|
create user PAM_TEST identified via pam using 'mariadb_mtr';
|
|
grant all on test.* to PAM_TEST;
|
|
#
|
|
# authentication is unsuccessful
|
|
#
|
|
Challenge input first.
|
|
Enter: *************************
|
|
Now, the magic number!
|
|
PIN: 9225
|
|
set global pam_winbind_workaround=1;
|
|
#
|
|
# authentication is successful
|
|
#
|
|
Challenge input first.
|
|
Enter: *************************
|
|
Now, the magic number!
|
|
PIN: 9225
|
|
select user(), current_user(), database();
|
|
user() current_user() database()
|
|
PAM_TEST@localhost PAM_TEST@% test
|
|
drop user PAM_TEST;
|
|
#
|
|
# MDEV-27341 Use SET PASSWORD to change PAM service
|
|
#
|
|
create user pam_test identified via pam using 'mariadb_mtr';
|
|
grant all on test.* to pam_test;
|
|
Challenge input first.
|
|
Enter: *************************
|
|
Now, the magic number!
|
|
PIN: 9225
|
|
select user(), current_user(), database();
|
|
user() current_user() database()
|
|
pam_test@localhost pam_test@% test
|
|
set password='foo';
|
|
ERROR HY000: SET PASSWORD is not applicable for users authenticating via pam plugin
|
|
show create user;
|
|
CREATE USER for pam_test@%
|
|
CREATE USER `pam_test`@`%` IDENTIFIED VIA pam USING 'mariadb_mtr'
|
|
drop user pam_test;
|
|
uninstall plugin pam;
|