On the MySQL Proxy channel we get questions from time to time if the authentication can be intercepted and replaced data from a external source.
From now on, you can. For example if you want to get data from a external source (like LDAP) or want to implement roles.Mapping Accounts to “Roles”
There isn’t much needed to implement Roles for MySQL with the help of the MySQL Proxy.
mysql.userdoesn’t contain users, but roles instead
- the proxy maps user-accounts to role-accounts with a script like above
It works like this:
login to the proxy
$ mysql --user=jan --password=secret --port=4040
proxy looks up username password, finds a role for him
proxy replaces credentials ad hoc
mysql-server sees the role-name and