maria-discuss team mailing list archive

Thread
Date

Re: GRANT PROXY access denied with proxied User

To: maria-discuss@xxxxxxxxxxxxxxxxxxx
From: Fabian Jucker <jucker@xxxxxxxxxxxxx>
Date: Fri, 4 Nov 2016 08:16:36 +0100
In-reply-to: <b9fda748-8cc7-61e5-7f65-dc42e2669e6d@gyselroth.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0

Hi there,

Someone have any ideas/hints/knowledge about this issue?

Regards,
Fabian

On 08/25/2016 03:56 PM, Fabian Jucker wrote:
> Hi,
> At our enterprise we have a DBA-User proxied with "GRANT PROXY ON
> 'dba'@'%' TO ''@'%'" and backed by pam module (roughly according to [1])
> to login from our ldap-accounts.
>
> When logging in via pam into the DBA-Role I'm unable to grant the proxy
> privileges to other users.
>
> Following [2] (MySQL docs, because the MariaDB docs are lacking any
> further information about this) I already tried to "GRANT PROXY ON
> 'dba'@'%' TO ''@'%' WITH GRANT OPTION" and "GRANT PROXY ON ''@'' TO
> 'dba'@'%' WITH GRANT OPTION" (as [2] is ambiguous about if the
> "proxied_user" or the "proxy_user" should have the "WITH GRANT OPTION"),
> but neither the first grant nor the second one showed any effect.
>
> When I grant the proxy privilege with grant option to a local user, this
> user is able to grant the proxy privileges to other users.
> So my question is, if it's not possible to grant proxy privileges while
> one's logged in with a proxy user?
>
> Thanks in advance,
> Fabian
>
> References:
> [1]:
> https://mariadb.com/blog/configuring-pam-authentication-and-user-mapping-mariadb
> [2]: https://dev.mysql.com/doc/refman/5.5/en/proxy-users.html
>
>

Attachment: signature.asc
Description: OpenPGP digital signature

References

GRANT PROXY access denied with proxied User
From: Fabian Jucker, 2016-08-25