What is the shadow support?
---------------------------

The shadow support allows you to simulate the libshadow behaviour. This
means that only root can read the users' encrypted passwords.

How do I enable shadow support?
-------------------------------

It is enabled by default. See INSTALL for more details.

How to use the shadow support?
------------------------------

You have to configure /etc/nss-mysql-root.conf. This file MUST be owned by
root and ONLY readable by it. If someone else can read it, that person will
be able to connect to your MySQL database and read every encrypted password.
If this is the case, nss-mysql will refuse to function.

If the password field is in the same table as the other user information
(as in sample.sql), the user specified in /etc/nss-mysql.conf must NOT be
able to read the password column.

Here are GRANT directives corresponding to sample.sql and to the default
values of the configuration files. We suggest that you use a program like
makepasswd to generate the passwords. Their length should be larger than
15 characters.

$ mysql -u root -p mysql
> GRANT select(user_name,user_id,uid,gid,realname,shell,homedir,status) on nss_mysql.user to nss@localhost identified by 'password';
> GRANT select(group_name,group_id,gid,group_password,status) on nss_mysql.groups to nss@localhost identified by 'password';
> GRANT select(user_id,group_id) on nss_mysql.user_group to nss@localhost identified by 'password';
## NOTE if you want to include lastchange,min,max,expire,warn or inact
## shadow extensions in your database, you must add these columns to the
## following SQL request.
> GRANT select(user_name,password,user_id,status,name) on nss_mysql.user to 'nss-shadow'@localhost identified by 'another_password';
> FLUSH PRIVILEGES;
> quit
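
The ownership and permission requirement on /etc/nss-mysql-root.conf described above can be checked as in the following added example. It is not nss-mysql's own code; open_private_conf and the conf_status values are hypothetical names. It goes slightly beyond the text by also refusing symlinks and non-regular files, and by checking the opened descriptor rather than the path.

```c
/* Added example, not nss-mysql source: open a credentials file only if it is
 * a regular file, owned by the expected uid, with no group/other access. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum conf_status { CONF_OK = 0, CONF_OPEN_FAILED, CONF_NOT_REGULAR,
                   CONF_WRONG_OWNER, CONF_TOO_PERMISSIVE };

/* Hypothetical helper. On CONF_OK, *fd_out is a read-only descriptor for the
 * file that was checked; the caller reads from it and closes it. */
enum conf_status open_private_conf(const char *path, uid_t owner, int *fd_out)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink at the final path component;
     * O_NONBLOCK keeps open() from hanging if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return CONF_OPEN_FAILED;
    /* fstat() the descriptor, not the path, so the file that is checked is
     * the file that will be read (no check-then-open race). */
    enum conf_status rc = CONF_OK;
    if (fstat(fd, &st) != 0)
        rc = CONF_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode))
        rc = CONF_NOT_REGULAR;
    else if (st.st_uid != owner)
        rc = CONF_WRONG_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO))
        rc = CONF_TOO_PERMISSIVE;   /* any group/other bit exposes the password */
    if (rc == CONF_OK)
        *fd_out = fd;
    else
        close(fd);
    return rc;
}

int main(void)
{
    const char *path = "/etc/nss-mysql-root.conf";
    int fd;
    enum conf_status rc = open_private_conf(path, 0, &fd);  /* uid 0 = root */
    printf("%s: status %d\n", path, (int)rc);
    if (rc == CONF_OK)
        close(fd);
    return rc != CONF_OK;
}
```

A file that passes is typically the result of chown root and chmod 600 (or 400) on the root-only configuration file.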