[Maria-discuss] GRANT PROXY access denied with proxied User
Hi, At our enterprise we have a DBA-User proxied with "GRANT PROXY ON 'dba'@'%' TO ''@'%'" and backed by pam module (roughly according to [1]) to login from our ldap-accounts. When logging in via pam into the DBA-Role I'm unable to grant the proxy privileges to other users. Following [2] (MySQL docs, because the MariaDB docs are lacking any further information about this) I already tried to "GRANT PROXY ON 'dba'@'%' TO ''@'%' WITH GRANT OPTION" and "GRANT PROXY ON ''@'' TO 'dba'@'%' WITH GRANT OPTION" (as [2] is ambiguous about if the "proxied_user" or the "proxy_user" should have the "WITH GRANT OPTION"), but neither the first grant nor the second one showed any effect. When I grant the proxy privilege with grant option to a local user, this user is able to grant the proxy privileges to other users. So my question is, if it's not possible to grant proxy privileges while one's logged in with a proxy user? Thanks in advance, Fabian References: [1]: https://mariadb.com/blog/configuring-pam-authentication-and-user-mapping-mar... [2]: https://dev.mysql.com/doc/refman/5.5/en/proxy-users.html
Hi there, Someone have any ideas/hints/knowledge about this issue? Regards, Fabian On 08/25/2016 03:56 PM, Fabian Jucker wrote:
Hi, At our enterprise we have a DBA-User proxied with "GRANT PROXY ON 'dba'@'%' TO ''@'%'" and backed by pam module (roughly according to [1]) to login from our ldap-accounts.
When logging in via pam into the DBA-Role I'm unable to grant the proxy privileges to other users.
Following [2] (MySQL docs, because the MariaDB docs are lacking any further information about this) I already tried to "GRANT PROXY ON 'dba'@'%' TO ''@'%' WITH GRANT OPTION" and "GRANT PROXY ON ''@'' TO 'dba'@'%' WITH GRANT OPTION" (as [2] is ambiguous about if the "proxied_user" or the "proxy_user" should have the "WITH GRANT OPTION"), but neither the first grant nor the second one showed any effect.
When I grant the proxy privilege with grant option to a local user, this user is able to grant the proxy privileges to other users. So my question is, if it's not possible to grant proxy privileges while one's logged in with a proxy user?
Thanks in advance, Fabian
References: [1]: https://mariadb.com/blog/configuring-pam-authentication-and-user-mapping-mar... [2]: https://dev.mysql.com/doc/refman/5.5/en/proxy-users.html
participants (1)
-
Fabian Jucker