Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 10 of 40 10 Older Entries

Displaying posts with tag: authentication (reset)

Locking accounts in MySQL 5.7
Employee +1 Vote Up -0Vote Down

I’ve written previously about use cases where having accounts which cannot be used to establish client connections are useful. There are various hacks to accomplish this with legacy versions (insert invalid password hash into mysql.user table, etc.), and we introduced the mysql_no_login authentication plugin for this very purpose. Now as of MySQL 5.7.6, …

  [Read more...]
Improved ALTER USER syntax support in 5.7
Employee +1 Vote Up -0Vote Down

Complimenting the expanded CREATE USER syntax introduced in MySQL Server 5.7.6 is more useful ALTER USER syntax.  Before MySQL Server 5.7.6, ALTER USER could only be used to expire a user’s password.  That’s pretty limited.  With changes made in MySQL Server 5.7.6, a better distinction is made between privilege-level …

  [Read more...]
Building a better CREATE USER command
Employee +1 Vote Up -0Vote Down

Prior to MySQL 5.7, the CREATE USER command had a number of limitations:

  • No way to set both authentication plugin and password
  • No way to disable a user
  • No way to define user resource limitations
  • No way to set a non-default password expiration policy
  • No way to require SSL/x509

All of these things could be done through other means, but typically involved other statements, such as GRANT commands.  Starting with MySQL 5.7.6, these can all be done through a new and improved CREATE USER syntax:

Passwords and authentication plugin …

  [Read more...]
Stop using FLUSH PRIVILEGES
+0 Vote Up -0Vote Down

Mermaids have the same probability of fixing your permission problems, but people continue believing in the FLUSH PRIVILEGES myth.

I see suggesting the usage of FLUSH PRIVILEGES every time someone writes a tutorial or a solution to a problem regarding creating a new account or providing different privileges. For example, the top post on /r/mysql as of the writing of these lines, …

  [Read more...]
Setting up authentication en masse
+0 Vote Up -0Vote Down

Managing many hosts is quite challenging task. There are many tools to solve the problem. My favorite is pdsh.

Running a command across a set of hosts is as simple as following:

# pdsh -w 192.168.177.[201-208] -R ssh reboot

Together with dshbak (which is a part of pdsh package) you can do even cooler things. Like, check which systems have yum:

# pdsh -w 192.168.177.[201-208] -R ssh "which yum" | dshbak -c
----------------
192.168.177.[201-203]
----------------
/usr/bin/yum 

Or which systems run older version of MySQL

  [Read more...]
MySQL 5.6 Experiences - .mylogin.cnf and mysql_config_editor
+0 Vote Up -0Vote Down

Having  basic ideas of how I am going to describe new features explained, I can proceed with some real (and I hope useful) content. As I read this page about new features from top to bottom, let's start with security improvements...

.mylogin.cnf and mysql_config_editor  Details:

  • you can store authentication credentials encrypted in an option file named .mylogin.cnf (in user's home …


  [Read more...]
Speaking at MySQL Connect 2012
Employee_Team +5 Vote Up -0Vote Down

At the end of September, the MySQL Connect 2012 conference will be held as part of Oracle OpenWorld in San Francisco. MySQL Connect is a two day event that allows attendees to focus on MySQL at a technical depth with presentations and interaction with many of the MySQL developers, engineers and other knowledgeable staff. There is also a range a international speakers to give broader knowledge to the presentations.

I am presenting a Hands-On Lab on Sunday 30th September 16:15 - 17:15 entitled …

  [Read more...]
MySQL PAM/LDAP authentication module configuration
+2 Vote Up -1Vote Down

MySQL Enterprise 5.5 (trial version available here) includes MySQL PAM authentication plugin. In this post I will show how to configure it with the OpenLDAP and Active Directory.

MySQL PAM authentication uses Linux pam_ldap library to send the calls. To configure MySQL LDAP authentication we will need to configure pam_ldap on linux.

OpenLDAP Linux configuration

  • Make sure that libpam-ldap/openldap is installed. If not, on RedHat/CentOS use commands:

# yum install openldap openldap-clients

  • Configure …
  [Read more...]
Windows Native Authentication for MySQL
Employee +0 Vote Up -0Vote Down

Starting with MySQL 5.5.16 it is possible to setup a password-less connections from clients into MySQL server using Windows SSPI authentication framework. This functionality is provided by Windows Native Authentication (WNA) plugin distributed with the commercial version of 5.5.16 server. The client-side support for WNA authentication is built into the client library (libmysql) distributed with the community version of 5.5.16 server and requires no additional configuration. Clients which link to 5.5.16 or higher version of libmysql will be able to connect to MySQL accounts using WNA authentication out-of-the box.

For password-less …

  [Read more...]
Windows Native Authentication for MySQL
Employee +0 Vote Up -0Vote Down

Starting with MySQL 5.5.16 it is possible to setup a password-less connections from clients into MySQL server using Windows SSPI authentication framework. This functionality is provided by Windows Native Authentication (WNA) plugin distributed with the commercial version of 5.5.16 server. The client-side support for WNA authentication is built into the client library (libmysql) distributed with the community version of 5.5.16 server and requires no additional configuration. Clients which link to 5.5.16 or higher version of libmysql will be able to connect to MySQL accounts using WNA authentication out-of-the box.

For password-less …

  [Read more...]
Showing entries 1 to 10 of 40 10 Older Entries

Planet MySQL © 1995, 2015, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.