# Install the packages used by the PAM + MySQL authentication setup below.
# Each group is a separate yum transaction, in the same order as before.

# MySQL client, development files and server (holds the user table).
yum -y install \
  mysql \
  mysql-devel \
  mysql-server

# PAM itself plus the pam_mysql module referenced from /etc/pam.d.
# NOTE(review): pam_krb5 is not referenced by the steps visible here, and the
# -devel packages are normally only needed for building; confirm both are
# required before installing them on a gateway host.
yum -y install \
  pam_krb5 \
  pam_mysql \
  pam \
  pam-devel

# Cyrus SASL libraries and mechanisms (plain, GSSAPI).
yum -y install \
  cyrus-sasl \
  cyrus-sasl-plain \
  cyrus-sasl-devel \
  cyrus-sasl-lib \
  cyrus-sasl-gssapi
2.创建Open***使用的数据库与表
[root@gateway ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 65
Server version: 5.0.37-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database ***;
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
| ***                |
+--------------------+
4 rows in set (0.02 sec)

mysql> use ***;
mysql> CREATE TABLE ***user ( name char(20) NOT NULL, password char(128) default NULL, active int(10) NOT NULL DEFAULT 1, PRIMARY KEY (name));
mysql> show tables;
+---------------+
| Tables_in_*** |
+---------------+
| ***user       |
+---------------+
1 row in set (0.00 sec)
mysql>grant all on *.* to '***@'localhost'>
mysql>flush privileges;
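#为数据库创建管理员用户并设置密码;
#注:上面的 grant all on *.* 授予的是全局所有权限。该账号随后被 pam_mysql 用来查询 ***user 表,做认证一般只需要对这张表的 SELECT 权限(请按实际用法确认);建议按最小权限单独授权,不要把拥有全局权限的账号密码写进 PAM 配置。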
3.创建测试用户
[root@gateway ~]# mysql -u*** -p***123
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 65
Server version: 5.0.37-log Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> insert into ***user (name,password) values('user1',password('123456'));
mysql> insert into ***user (name,password) values('user2',password('123456'));
mysql> insert into ***user (name,password) values('user3',password('123456'));
mysql> select * from ***user;
+-------+-------------------------------------------+--------+
| name  | password                                  | active |
+-------+-------------------------------------------+--------+
| user1 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |      1 |
| user2 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |      1 |
| user3 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |      1 |
+-------+-------------------------------------------+--------+
3 rows in set (0.00 sec)

注,我这里创建三个测试用户。
注:三个用户口令相同,得到的散列也完全相同,说明 MySQL 的 PASSWORD() 不加盐,相同口令在表中可被直接看出;123456 仅用于测试,正式环境请使用强口令。另外,在 -p 后直接写密码可能使其出现在进程列表和 shell 历史中,建议只写 -p 后交互输入。
4.配置PAM mysql认证模块
[root@gateway ~]# vim /etc/pam.d/open***
#新建open***文件,用在open***的配置文件中调用
auth required pam_mysql.so user=*** passwd=***123 host=127.0.0.1 db=*** \
table=***user usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=2
account required pam_mysql.so user=*** passwd=***123 host=127.0.0.1 db=*** \
table=***user usercolumn=name passwdcolumn=password \
where=active=1 sqllog=0 crypt=2
#crypt(0) -- Used to decide to use MySQL's PASSWORD() function or crypt()
#0 = No encryption. Passwords in database in plaintext. NOT recommended!
#1 = Use crypt
#2 = Use MySQL PASSWORD() function

注:该文件中含有数据库账号的明文口令,建议将其权限限制为仅 root 可读(需确认认证进程以 root 身份读取该文件)。crypt=2 依赖 MySQL 的 PASSWORD() 函数,其散列不加盐,且该函数在 MySQL 8.0 中已被移除;如所用 pam_mysql 版本和系统支持,可考虑改用 crypt=1,并在表中存放带盐的 crypt() 散列。