nss-mysql-1.0-4mdv2009.1.i586.rpm

What is shadow support?
-----------------------

Shadow support lets you simulate the libshadow
behaviour. This means that only root can read the
users' encrypted passwords.

How do I enable shadow support?
-------------------------------

It is enabled by default. See INSTALL for more details.

How do I use shadow support?
----------------------------

You have to configure /etc/nss-mysql-root.conf.
This file MUST be owned by root and readable ONLY by root.
Anyone else who can read it will be able to connect to
your MySQL database and read every encrypted password.
If the file is readable by anyone else, nss-mysql will
refuse to function.
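
One way to audit this requirement on a host, as an added example that is not part of nss-mysql or its documentation. The function name check_shadow_conf and its optional expected-uid argument are assumptions made for illustration, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example: audit the ownership and mode that the text above requires
# for /etc/nss-mysql-root.conf. check_shadow_conf is a hypothetical helper,
# not an nss-mysql tool. Assumes GNU stat (stat -c), as found on Linux.

# check_shadow_conf FILE [EXPECTED_UID]
# Returns 0 when FILE is a regular file (not a symlink), owned by
# EXPECTED_UID (default 0, i.e. root), with no group or other permission
# bits set. Otherwise prints the reason and returns 1.
check_shadow_conf() {
    file=$1
    want_uid=${2:-0}

    # A symlink could point at a file with different ownership or mode.
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symlink"; return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"; return 1
    fi

    owner=$(stat -c '%u' "$file") || return 1
    mode=$(stat -c '%a' "$file") || return 1

    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $owner, expected $want_uid"; return 1
    fi

    # The leading 0 makes the shell read the mode as octal; mask 077 keeps
    # only the group and other bits, which must all be clear.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file has mode $mode, which grants group/other access"; return 1
    fi

    echo "OK: $file uid=$owner mode=$mode"
}

# Stand-alone use: sh this-script /etc/nss-mysql-root.conf
if [ $# -gt 0 ]; then
    check_shadow_conf "$@"
fi
```
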

If the password field is in the same table as the other
user information (as in sample.sql), the user specified in
/etc/nss-mysql.conf must NOT be able to read the password column.

Here are GRANT directives corresponding to sample.sql and to the 
default values of the configuration files.

We suggest generating the passwords with a program such as makepasswd.
(They should be longer than 15 characters.)

$ mysql -u root -p mysql

> GRANT select(user_name,user_id,uid,gid,realname,shell,homedir,status) on 
  nss_mysql.user to nss@localhost identified by 'password';

> GRANT select(group_name,group_id,gid,group_password,status) on
  nss_mysql.groups to nss@localhost identified by 'password';

> GRANT select(user_id,group_id) on nss_mysql.user_group to nss@localhost
  identified by 'password';

## NOTE: if you want to include the lastchange, min, max, expire, warn or
## inact shadow extensions in your database, you must add these columns to
## the following SQL statement.

> GRANT select(user_name,password,user_id,status,name) on nss_mysql.user to
  'nss-shadow'@localhost identified by 'another_password';
 
> FLUSH PRIVILEGES;

> quit