Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 10 of 42 10 Older Entries

Displaying posts with tag: authentication (reset)

SSL/TLS Connections to Recent MySQL Servers in Java
Employee +0 Vote Up -0Vote Down

Recent changes to support better security by increasing strength of Diffie-Hellman cipher suites from 512-bit to 2048-bit were introduced to MySQL Server 5.7. While this change enhances security, it is an aggressive change in that 2048-bit DH ciphers are not universally supported. This has become a problem specifically for Java users, as only Java 8 JRE (currently) supports DH ciphers greater than 1024 bits. Making the problem more acute, this change was back-ported from MySQL Server 5.7 to the recent …

  [Read more...]
SSL/TLS in 5.6 and 5.5 – oCERT Advisory
Employee +1 Vote Up -0Vote Down

Today, oCERT published advisory 2015-003 describing a TLS vulnerability in MySQL and derivative products.  The content isn’t exactly news – it is documented legacy behavior and the subject of an earlier blog post describing how MySQL Server 5.7 solves the problem.  That said, the efforts of Duo Security are certainly appreciated and welcomed – it provides a meaningful context to discuss how to properly …

  [Read more...]
Locking accounts in MySQL 5.7
Employee +1 Vote Up -0Vote Down

I’ve written previously about use cases where having accounts which cannot be used to establish client connections are useful. There are various hacks to accomplish this with legacy versions (insert invalid password hash into mysql.user table, etc.), and we introduced the mysql_no_login authentication plugin for this very purpose. Now as of MySQL 5.7.6, …

  [Read more...]
Improved ALTER USER syntax support in 5.7
Employee +1 Vote Up -0Vote Down

Complimenting the expanded CREATE USER syntax introduced in MySQL Server 5.7.6 is more useful ALTER USER syntax.  Before MySQL Server 5.7.6, ALTER USER could only be used to expire a user’s password.  That’s pretty limited.  With changes made in MySQL Server 5.7.6, a better distinction is made between privilege-level …

  [Read more...]
Building a better CREATE USER command
Employee +1 Vote Up -0Vote Down

Prior to MySQL 5.7, the CREATE USER command had a number of limitations:

  • No way to set both authentication plugin and password
  • No way to disable a user
  • No way to define user resource limitations
  • No way to set a non-default password expiration policy
  • No way to require SSL/x509

All of these things could be done through other means, but typically involved other statements, such as GRANT commands.  Starting with MySQL 5.7.6, these can all be done through a new and improved CREATE USER syntax:

Passwords and authentication plugin …

  [Read more...]
+0 Vote Up -0Vote Down

Mermaids have the same probability of fixing your permission problems, but people continue believing in the FLUSH PRIVILEGES myth.I see suggesting the usage of FLUSH PRIVILEGES every time someone writes a tutorial or a solution to a problem regarding creating a new account or providing different privileges. For example, the top post on /r/mysql as of the writing of these lines, …

  [Read more...]
Setting up authentication en masse
+0 Vote Up -0Vote Down

Managing many hosts is quite challenging task. There are many tools to solve the problem. My favorite is pdsh.

Running a command across a set of hosts is as simple as following:

# pdsh -w 192.168.177.[201-208] -R ssh reboot

Together with dshbak (which is a part of pdsh package) you can do even cooler things. Like, check which systems have yum:

# pdsh -w 192.168.177.[201-208] -R ssh "which yum" | dshbak -c

Or which systems run older version of MySQL

  [Read more...]
MySQL 5.6 Experiences - .mylogin.cnf and mysql_config_editor
+0 Vote Up -0Vote Down

Having  basic ideas of how I am going to describe new features explained, I can proceed with some real (and I hope useful) content. As I read this page about new features from top to bottom, let's start with security improvements...

.mylogin.cnf and mysql_config_editor  Details:

  • you can store authentication credentials encrypted in an option file named .mylogin.cnf (in user's home …

  [Read more...]
Speaking at MySQL Connect 2012
Employee_Team +5 Vote Up -0Vote Down

At the end of September, the MySQL Connect 2012 conference will be held as part of Oracle OpenWorld in San Francisco. MySQL Connect is a two day event that allows attendees to focus on MySQL at a technical depth with presentations and interaction with many of the MySQL developers, engineers and other knowledgeable staff. There is also a range a international speakers to give broader knowledge to the presentations.

I am presenting a Hands-On Lab on Sunday 30th September 16:15 - 17:15 entitled …

  [Read more...]
MySQL PAM/LDAP authentication module configuration
+2 Vote Up -1Vote Down

MySQL Enterprise 5.5 (trial version available here) includes MySQL PAM authentication plugin. In this post I will show how to configure it with the OpenLDAP and Active Directory.

MySQL PAM authentication uses Linux pam_ldap library to send the calls. To configure MySQL LDAP authentication we will need to configure pam_ldap on linux.

OpenLDAP Linux configuration

  • Make sure that libpam-ldap/openldap is installed. If not, on RedHat/CentOS use commands:

# yum install openldap openldap-clients

  • Configure …
  [Read more...]
Showing entries 1 to 10 of 42 10 Older Entries

Planet MySQL © 1995, 2015, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.