On Thu, Apr 23, 2015 at 2:42 PM, Felipe Gasper <fel...@felipegasper.com> wrote: > > This looks really cool--thank you for posting! > > One question: how readily might this be able to support using > MariaDB’s own authentication for the user rather than /etc/shadow? > > Example: > > GRANT USAGE ON *.* TO 'temp_g5fj3s'@'' IDENTIFIED BY 'my_secret'; > GRANT PROXY ON 'frank'@'localhost' TO 'temp_g5fj3s'@''; > > e.g., I log in as “temp_g5fj3s” using “my_secret”, and MariaDB would > then just make that user behave as 'frank'@'localhost'. >
I believe that the proxy user functionality in MySQL/MariaDB requires that the authentication plugin change the user name to that of the proxied user: https://dev.mysql.com/doc/refman/5.5/en/proxy-users.html As far as I know, MariaDB's default authentication doesn't support this kind of thing. The PAM authentication plugin does. However, if you are using MariaDB 10.0, you could use roles: https://mariadb.com/kb/en/mariadb/roles-overview/ What you are trying to do would look like this: CREATE USER 'temp_g5fj3s'@'%' IDENTIFIED BY 'my_secret'; CREATE ROLE 'frank'; GRANT 'frank' TO 'temp_g5fj3s'@'%'; When 'temp_g5fj3s' logs in, the user would have to do this to inherit frank's privileges: SET ROLE frank; Starting in 10.1., the user would also be able to do this to inherit frank's privileges automatically: SET DEFAULT ROLE frank FOR 'temp_g5fj3s'@'%'; Geoff _______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
