List:General Discussion« Previous MessageNext Message »
From:Michael Widenius Date:June 29 1999 1:26am
Subject:Re: login authintication
View as plain text  
>>>>> "bhildred" == bhildred  <bhildred@stripped> writes:

bhildred> Fred Read wrote:
>> 
>> bhildred@stripped wrote:
>> >
>> > Oh Great Gurus, of the data base,
>> >         I was looking over my passwd, shadow, smbpasswd files and 
>> > the mysql authentication tables, and was pondering, If I wrote a pam 
>> > module which referred all authentication to mysql, could I add a
>> > couple columns to the users table, or would this be asking for 
>> > trouble?
>> 
>> Go to "http://www.freshmeat.net" and do a find on "PAM";
>> 
>> PAM-Mysql
>> pam_smb
>> 
>> If they don't actually do what you want they will probably
>> be a good starting point for you!
>> --
>> "IR35: New Labour, Old Habits!"
>> I still remember the last Labour government; electricity strikes,
>> bread strikes, the "Closed Shop", Grunwick, rubbish piled high in
>> the streets, dead bodies waiting months to be buried...

bhildred> thanks for the pointer, I found s project that has started moving in
bhildred> this direction, however they don't tackle either questiuon, what would
bhildred> happen if I add colums to the users table (Does MySQL use optimized
bhildred> grant routines or internal collum specific selects?), what are the
bhildred> concerns with extracting MySSQL's password function (Is the development
bhildred> team planning on implementing the same alogrithim in all forseen future
bhildred> relices? How secure is the password hash?)

Hi!

It would probably be safer to add a new table in the 'mysql' database.

We don't have any plans to change the password function in the near
future.  Note that the hash is only a way to not let the administrator
accidently see the used password.  The hash is in fact the password in 
MySQL (because if you know the hash, you don't need to know the
password to make a client that can connect to the MYSQL server).
What do you mean with secure in this context?

Regards,
Monty
Thread
login authinticationbhildred24 Jun
  • Re: login authinticationFred Read24 Jun
  • Re: login authinticationbhildred24 Jun
    • Re: login authinticationMichael Widenius29 Jun