← Back to team overview

maria-discuss team mailing list archive

Re: GRANT PROXY access denied with proxied User


Hi there,

Someone have any ideas/hints/knowledge about this issue?


On 08/25/2016 03:56 PM, Fabian Jucker wrote:
> Hi,
> At our enterprise we have a DBA-User proxied with "GRANT PROXY ON
> 'dba'@'%' TO ''@'%'" and backed by pam module (roughly according to [1])
> to login from our ldap-accounts.
> When logging in via pam into the DBA-Role I'm unable to grant the proxy
> privileges to other users.
> Following [2] (MySQL docs, because the MariaDB docs are lacking any
> further information about this) I already tried to "GRANT PROXY ON
> 'dba'@'%' TO ''@'%' WITH GRANT OPTION" and "GRANT PROXY ON ''@'' TO
> 'dba'@'%' WITH GRANT OPTION" (as [2] is ambiguous about if the
> "proxied_user" or the "proxy_user" should have the "WITH GRANT OPTION"),
> but neither the first grant nor the second one showed any effect.
> When I grant the proxy privilege with grant option to a local user, this
> user is able to grant the proxy privileges to other users.
> So my question is, if it's not possible to grant proxy privileges while
> one's logged in with a proxy user?
> Thanks in advance,
> Fabian
> References:
> [1]:
> https://mariadb.com/blog/configuring-pam-authentication-and-user-mapping-mariadb
> [2]: https://dev.mysql.com/doc/refman/5.5/en/proxy-users.html

Attachment: signature.asc
Description: OpenPGP digital signature