What is the shadow support ?
-----------------------------

The shadow support allows you to simulate the libshadow
behaviour. This means that only root can read the users
encrypted password.

How to use the shadow support ?
-------------------------------

You have to configure /etc/nss-mysql-root.conf.
This file must be owned by root and only readable by it.
If someone else can read it, he(she) will be able to
connect to your MySQL database and read every
encrypted password.

If the password field is in the same table as the other
user information (like in sample.sql). The user specified in 
/etc/nss-mysql.conf must NOT be able to read the password column.

Here are GRANT directives corresponding to sample.sql and to the 
default values of the configuration files.

We suggest that you use a program like makepasswd to generate the passwords.
(Their length should be larger than 15 characters).

$ mysql -u root -p mysql

> GRANT select(user_name,user_id,uid,realname,shell) on nss-myql.user 
  to nss@localhost identified by 'password';

> GRANT select(group_name,group_id) on nss-mysql.groups to nss@localhost
  identified by 'password';

> GRANT select(user_id,group_id) on nss-mysql.user_group to nss@localhost;
  identified by 'password';

> GRANT select(user_name,password) on nss-mysql.user to 'nss-shadow'@localhost
  identified by 'another_password';
 
> FLUSH PRIVILEGES;

> quit
