Well, if you authenticate over a network, with a tool such as the Database Instance creation wizard, you must supply your credentials.
You can't log in as DBM, or DBA, as these users do not yet exist. You /can/ log in as either the owner of the MaxDB installation, or as a user that belongs to the MaxDB administrators group.
Now: This user would be the one you identify as
----
- my standard pam auth to login as the sapdb user to perform maintenance operations like a database kernel upgrade
----
But when you connect over the network to x_server, x_server performs it's authentication checks using crypt(), and doesn't appear to be PAM-aware.
More exactly, suppose the MaxDB installation is owned by: user=sdb group=sdba Both of them are users present in /etc/passwd and /etc/shadow
And you have a user "sapadmin" who belongs to the group "sdba." Suppose his password is "test."
If sapadmin tries to connect over the network through the instance creation wizard, and supplies password "test" --- if the underlying OS encrypts its password files with MD5, "sapadmin" will be unable to authenticate.
Make sense?
This behavior is documented in an older post at: http://lists.mysql.com/maxdb/19540
I'm look for a solution that doesn't require me to reset passwords.
Cheers, JLS
Thomas Cataldo wrote:
On Wed, 2004-02-11 at 20:30, John L. Singleton wrote:
Hello all,
I have a quick question for which I can't seem to find a reasonable answer.
I understand that by default MaxDB does not support authentication at the operating system level if the shadow file is encrypted with MD5. I also understand that a possible solution for this is to remove the "md5" line from /etc/pam.d/login, /etc/pam.d/passwd, et al, and then reset the passwords.
Unfortunately, this is terribly inconvenient, and in some situations infeasible, as it requires one to reset all passwords. Does anyone know of a way to work around this?
The only idea I've had would be to use some sort of PAM stacking approach. But, is MaxDB PAM aware? I checked a few of the binaries with "ldd <binary> | grep pam" but no luck. Could anyone point me at some documentation for MaxDB's authentication process at the operating system level (ie, the process/steps MaxDB takes from allowing a connection from x_server to performing authentication?)?
I may be completely wrong, but which auth do you mean ?
As a linux only guy I only see 2 auths : - my standard pam auth to login as the sapdb user to perform maintenance operations like a database kernel upgrade - my database users, that have nothing to do with pam/linux/your os but are stored in the databases system tables
You may be talking of the broken maxdb installer that fails in lots of situations (no shadow passwords, forcing user creation in /home for example).
-- MaxDB Discussion Mailing List For list archives: http://lists.mysql.com/maxdb To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
