Planet MySQL Planet MySQL: Meta Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 10 of 35 10 Older Entries

Displaying posts with tag: authentication (reset)

Setting up authentication en masse
+0 Vote Up -0Vote Down

Managing many hosts is quite challenging task. There are many tools to solve the problem. My favorite is pdsh.

Running a command across a set of hosts is as simple as following:

# pdsh -w 192.168.177.[201-208] -R ssh reboot

Together with dshbak (which is a part of pdsh package) you can do even cooler things. Like, check which systems have yum:

# pdsh -w 192.168.177.[201-208] -R ssh "which yum" | dshbak -c
----------------
192.168.177.[201-203]
----------------
/usr/bin/yum 

Or which systems run older version of MySQL

# pdsh -w 192.168.177.[201-208] -R ssh "mysql -e \"SHOW VARIABLES LIKE 'version'\""  | dshbak -c
----------------
192.168.177.[201-203]
----------------
Variable_name   Value
version 5.6.19
----------------
192.168.177.[204-208]
  [Read more...]
MySQL 5.6 Experiences - .mylogin.cnf and mysql_config_editor
+0 Vote Up -0Vote Down
Having  basic ideas of how I am going to describe new features explained, I can proceed with some real (and I hope useful) content. As I read this page about new features from top to bottom, let's start with security improvements...

.mylogin.cnf and mysql_config_editor

 

Details:

  • you can store authentication credentials encrypted in an option file named .mylogin.cnf (in user's home directory or in %APPDATA%\MySQL on Windows)
  • password is no longer stored in plain text (like in .my.cnf) and still is not exposed in


  [Read more...]
Speaking at MySQL Connect 2012
Employee_Team +5 Vote Up -0Vote Down

At the end of September, the MySQL Connect 2012 conference will be held as part of Oracle OpenWorld in San Francisco. MySQL Connect is a two day event that allows attendees to focus on MySQL at a technical depth with presentations and interaction with many of the MySQL developers, engineers and other knowledgeable staff. There is also a range a international speakers to give broader knowledge to the presentations.

I am presenting a Hands-On Lab on Sunday 30th September 16:15 - 17:15 entitled HOL10474 - MySQL Security:

  [Read more...]
MySQL PAM/LDAP authentication module configuration
+2 Vote Up -1Vote Down

MySQL Enterprise 5.5 (trial version available here) includes MySQL PAM authentication plugin. In this post I will show how to configure it with the OpenLDAP and Active Directory.

MySQL PAM authentication uses Linux pam_ldap library to send the calls. To configure MySQL LDAP authentication we will need to configure pam_ldap on linux.

OpenLDAP Linux configuration

  • Make sure that libpam-ldap/openldap is installed. If not, on RedHat/CentOS use commands:

# yum install openldap openldap-clients

  • Configure /etc/ldap.conf. Sample configuration:

debug 10 # set debug level only during the initial configuration
base dc=corp,dc=company_name,dc=com
binddn cn=service_account,OU=Service Accounts,OU=US

  [Read more...]
Windows Native Authentication for MySQL
Employee +0 Vote Up -0Vote Down
Starting with MySQL 5.5.16 it is possible to setup a password-less connections from clients into MySQL server using Windows SSPI authentication framework. This functionality is provided by Windows Native Authentication (WNA) plugin distributed with the commercial version of 5.5.16 server. The client-side support for WNA authentication is built into the client library (libmysql) distributed with the community version of 5.5.16 server and requires no additional configuration. Clients which link to 5.5.16 or higher version of libmysql will be able to connect to MySQL accounts using WNA authentication out-of-the box.

For password-less connections to work, server's administrator must install the WNA plugin in the server and create user accounts which use this plugin for authentication. It is also possible to allow connections to existing MySQL accounts via a proxy

  [Read more...]
Windows Native Authentication for MySQL
Employee +0 Vote Up -0Vote Down
Starting with MySQL 5.5.16 it is possible to setup a password-less connections from clients into MySQL server using Windows SSPI authentication framework. This functionality is provided by Windows Native Authentication (WNA) plugin distributed with the commercial version of 5.5.16 server. The client-side support for WNA authentication is built into the client library (libmysql) distributed with the community version of 5.5.16 server and requires no additional configuration. Clients which link to 5.5.16 or higher version of libmysql will be able to connect to MySQL accounts using WNA authentication out-of-the box.

For password-less connections to work, server's administrator must install the WNA plugin in the server and create user accounts which use this plugin for authentication. It is also possible to allow connections to existing MySQL accounts via a proxy

  [Read more...]
Centralized Login Management Comes to MySQL: Introducing PAM and Windows Authentication Support
Employee +7 Vote Up -2Vote Down
You probably remember the world of new possibilities introduced to MySQL 5.5. If you do, you probably would agree that no API is useful by itself.

This is why you need authentication plugins that fit the largest possible number of authentication setups.

I can only guess what these authentication solutions look like for your server. But chances are that your OS has a pretty good idea on how best to authenticate users in it. This is why we've decided to hook MySQL to the two most widely used OS authentication APIs : Pluggable Authentication Modules (a.k.a PAM) and the Windows Security Support Provider

  [Read more...]
Centralized Login Management Comes to MySQL: Introducing PAM and Windows Authentication Support
Employee +0 Vote Up -0Vote Down
You probably remember the world of new possibilities introduced to MySQL 5.5. If you do, you probably would agree that no API is useful by itself.

This is why you need authentication plugins that fit the largest possible number of authentication setups.

I can only guess what these authentication solutions look like for your server. But chances are that your OS has a pretty good idea on how best to authenticate users in it. This is why we've decided to hook MySQL to the two most widely used OS authentication APIs : Pluggable Authentication Modules (a.k.a PAM) and the Windows Security Support Provider

  [Read more...]
Drizzle 7 plugins
+1 Vote Up -0Vote Down

Last week I wrote about my experience compiling Drizzle 7 on Mac OS X 10.6. Then David Shrewsbury informed me of his nearly identical blog post: Installing Drizzle from source on OS X. Once Drizzle 7 was running on my box, I immediately looked to see what plugins where available because Drizzle uses a lot of plugins and they are one of its notable differences from MySQL. In my humble opinion, Drizzle’s plugins will primarily influence how database professionals evaluate and decide whether or not to use Drizzle because so many of Drizzle’s features are plugins. Therefore, let’s look briefly at some the plugins included with Drizzle 7.

The plugin directory of the Drizzle 7

  [Read more...]
Recovering a MySQL `root` password – Three solutions
+3 Vote Up -0Vote Down

Three ways to recover a root user password:

The order of solutions here under gets more creative on the way down :)

1. obviously, before starting messing around check my.cnf or scripts for passwords entries, then try home directories for password files
2. secondly – can you restart mysql? if yes, restart with –skip-grant-tables, log into mysql, change your password and restart without –skip-grant-tables
3. third option – (on linux / unix ONLY)
If you haven’t found the password anywhere and can’t afford to restart your mysql.

cd data/mysql
cp -rp user.MYD bck_user.MYD_`date +%Y%m%d`
cp -rp user.MYD /tmp/user.MYD
vi /tmp/user.MYD #(edit the hashed passwords next to root*)
cp -rp /tmp/user.MYD user.MYD
sudo kill -HUP `pidof mysqld`

Note that the latter method of recovering a




  [Read more...]
Showing entries 1 to 10 of 35 10 Older Entries

Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.