maria-discuss team mailing list archive
Mailing list archive
pam / ldap auth
I installed mariadb using the stock debian packages, configured pam
authentication, and configured a mysql pam module like this:
> auth required pam_winbind.so
> account required pam_winbind.so
As I also added the server to my AD domain, this basically gives my
samba winbind users access to mysql using their windows credentials:
> root@mysqlserver:~# mysql -udomain_username -p
> Enter password: <windows_domain_password>
> Welcome to the MariaDB monitor. Commands end with ; or \g.
> Your MariaDB connection id is 6
> Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
> Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
> Type 'help;' or '\h' for help. Type '\c' to clear the current input
> MariaDB [(none)]>
So I was happy.
Until I found out this works only from the localhost mariadb is running
on. Trying this from a remote mysql client gives:
> user@e7470 ~ $ mysql -udomain_user -p -h mysqlserver.full.address
> Enter password: ERROR 2059 (HY000): Authentication plugin 'dialog'
cannot be loaded: /usr/lib/mysql/plugin/dialog.so: cannot open shared
object file: No such file or directory
and searching on that remote server for /usr/lib/mysql/plugin/dialog.so
gives no results:
> user@e7470 ~ $ dpkg --search /usr/lib/mysql/plugin/dialog.so
> dpkg-query: no path found matching pattern
Anyone here with a good suggestion how to make this work from a
'regular' remote mysql client?
But more fundamentally: is it possible to have mariadb ldap auth on a
server, *without* requiring anything special on the client side?