Rechercher dans le manuel MySQL

6.4.1.10 Test Pluggable Authentication

Contents

MySQL includes a test plugin that checks account credentials and logs success or failure to the server error log. This is a loadable plugin (not built in) and must be installed prior to use.

The test plugin source code is separate from the server source, unlike the built-in native plugin, so it can be examined as a relatively simple example demonstrating how to write a loadable authentication plugin.

Note

This plugin is intended for testing and development purposes, and is not for use in production environments or on servers that are exposed to public networks.

The following table shows the plugin and library file names. The file name suffix might differ on your system. The file must be located in the directory named by the plugin_dir system variable.

Table 6.21 Plugin and Library Names for Test Authentication

Plugin or File Plugin or File Name
Server-side plugin test_plugin_server
Client-side plugin auth_test_plugin
Library file auth_test_plugin.so

The following sections provide installation and usage information specific to test pluggable authentication:

For general information about pluggable authentication in MySQL, see Section 6.2.17, “Pluggable Authentication”.

Installing Test Pluggable Authentication

This section describes how to install the test authentication plugin. For general information about installing plugins, see Section 5.6.1, “Installing and Uninstalling Plugins”.

To be usable by the server, the plugin library file must be located in the MySQL plugin directory (the directory named by the plugin_dir system variable). If necessary, configure the plugin directory location by setting the value of plugin_dir at server startup.

To load the plugin at server startup, use the --plugin-load-add option to name the library file that contains it. With this plugin-loading method, the option must be given each time the server starts. For example, put these lines in the server my.cnf file (adjust the .so suffix for your platform as necessary): 

[mysqld]
plugin-load-add=auth_test_plugin.so

After modifying my.cnf, restart the server to cause the new settings to take effect.

Alternatively, to register the plugin at runtime, use this statement (adjust the .so suffix as necessary):

  1. INSTALL PLUGIN test_plugin_server SONAME 'auth_test_plugin.so';

INSTALL PLUGIN loads the plugin immediately, and also registers it in the mysql.plugins system table to cause the server to load it for each subsequent normal startup.

To verify plugin installation, examine the INFORMATION_SCHEMA.PLUGINS table or use the SHOW PLUGINS statement (see Section 5.6.2, “Obtaining Server Plugin Information”). For example:

  1. mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS
  2.        FROM INFORMATION_SCHEMA.PLUGINS
  3.        WHERE PLUGIN_NAME LIKE '%test_plugin%';
  4. +--------------------+---------------+
  5. | PLUGIN_NAME        | PLUGIN_STATUS |
  6. +--------------------+---------------+
  7. | test_plugin_server | ACTIVE        |
  8. +--------------------+---------------+

If the plugin fails to initialize, check the server error log for diagnostic messages.

To associate MySQL accounts with the test plugin, see Using Test Pluggable Authentication.

Contents Haut

Uninstalling Test Pluggable Authentication

The method used to uninstall the test authentication plugin depends on how you installed it:

  • If you installed the plugin at server startup using a --plugin-load-add option, restart the server without the option.

  • If you installed the plugin at runtime using INSTALL PLUGIN, it remains installed across server restarts. To uninstall it, use UNINSTALL PLUGIN:

    1. UNINSTALL PLUGIN test_plugin_server;

Contents Haut

Using Test Pluggable Authentication

To use the test authentication plugin, create an account and name that plugin in the IDENTIFIED WITH clause:

  1. CREATE USER 'testuser'@'localhost'
  2. IDENTIFIED WITH test_plugin_server
  3. BY 'testpassword';

Then provide the --user and --password options for that account when you connect to the server. For example: 

shell> mysql --user=testuser --password
Enter password: testpassword

The plugin fetches the password as received from the client and compares it with the value stored in the authentication_string column of the account row in the mysql.user system table. If the two values match, the plugin returns the authentication_string value as the new effective user ID.

You can look in the server error log for a message indicating whether authentication succeeded (notice that the password is reported as the user): 

[Note] Plugin test_plugin_server reported:
'successfully authenticated user testpassword'

Find a PHP function

Document created the 26/06/2006, last modified the 26/10/2018
Source of the printed document:https://www.gaudry.be/en/mysql-rf-test-pluggable-authentication.html

The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.

References

  1. View the html document Language of the document:en Manuel MySQL : https://dev.mysql.com/

These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.

Contents Haut