libnss-mysql - System-wide authentication using MySQL

Vote 0 Votes

使用 libnss-mysql, 可以使帳號集中在 MySQL 管理, 有點類似 NIS 的做法.

安裝 linss-mysql
# wget
# tar zxf libnss-mysql-1.5.tar.gz
# cd libnss-mysql-1.5
# ./configure --with-mysql-inc=/usr/include/mysql --with-mysql-lib=/usr/lib/mysql
# make && make install
# mysql -uroot -ppassword < sample/linux/sample_database.sql

編輯 /etc/libnss-mysql.cfg (若找不到, 請 cp sample/linux/libnss-mysql.cfg /etc)
修改 MySQL 連線參數(請依實際環境設定)
host localhost
database auth
username root
password 1234
另一個 /etc/libnss-mysql-root.cfg 經測試是沒用到的, 刪除也能正常運作
修改 /etc/nsswitch.conf, 在 passwd/shadow/group files 後面加入 mysql
passwd: files mysql
shadow: files mysql
group: files mysql

新增 User
INSERT INTO users (username,gecos,homedir,password)
VALUES ('user', 'Test User', '/home/user', ENCRYPT('password'));
mkdir /home/user
chown user.users /home/user

ref. 酷!學園 - [分享]Libnss + Pam_mysql ,以 mysql 做身份認證
這篇文章有講到要裝 pam-mysql, 但實際測試其實不用裝 pam-mysql 也能正常運作.

2011-04-13 Update: 若是 64 bit 環境
./configure --with-mysql=/usr/local --libdir=/lib64
make CFLAGS="-m64"
make install

2011-04-30 Update: 若使用 MySQL 的 encrypt(), 密碼長度會有 8 碼限制,
需改用 PHP 的 crypt() 產生 MD5 的密碼再填入,
產生的密碼大概是這樣 $1$mV4riHAX$4qU/CaWhPu6obaccnScEV1
$1$ 代表 MD5 編碼

Leave a comment

About this Entry

This page contains a single entry by Pank published on April 1, 2010 8:12 PM.

Using Google Map API to Get Latitude/Longitude was the previous entry in this blog.

Get a country IP addresses is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives