maria-discuss team mailing list archive

Thread
Date

GRANT PROXY access denied with proxied User

To: maria-discuss@xxxxxxxxxxxxxxxxxxx
From: Fabian Jucker <jucker@xxxxxxxxxxxxx>
Date: Thu, 25 Aug 2016 15:56:38 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

Hi,
At our enterprise we have a DBA-User proxied with "GRANT PROXY ON
'dba'@'%' TO ''@'%'" and backed by pam module (roughly according to [1])
to login from our ldap-accounts.

When logging in via pam into the DBA-Role I'm unable to grant the proxy
privileges to other users.

Following [2] (MySQL docs, because the MariaDB docs are lacking any
further information about this) I already tried to "GRANT PROXY ON
'dba'@'%' TO ''@'%' WITH GRANT OPTION" and "GRANT PROXY ON ''@'' TO
'dba'@'%' WITH GRANT OPTION" (as [2] is ambiguous about if the
"proxied_user" or the "proxy_user" should have the "WITH GRANT OPTION"),
but neither the first grant nor the second one showed any effect.

When I grant the proxy privilege with grant option to a local user, this
user is able to grant the proxy privileges to other users.
So my question is, if it's not possible to grant proxy privileges while
one's logged in with a proxy user?

Thanks in advance,
Fabian

References:
[1]:
https://mariadb.com/blog/configuring-pam-authentication-and-user-mapping-mariadb
[2]: https://dev.mysql.com/doc/refman/5.5/en/proxy-users.html

Attachment: signature.asc
Description: OpenPGP digital signature

Follow ups

Re: GRANT PROXY access denied with proxied User
From: Fabian Jucker, 2016-11-04