Rechercher dans le manuel MySQL
6.5.1.4 Client-Side Cleartext Pluggable Authentication
A client-side authentication plugin is available that sends the password to the server without hashing or encryption. This plugin is built into the MySQL client library.
The following table shows the plugin name.
Table 6.15 Plugin and Library Names for Cleartext Authentication
| Plugin or File | Plugin or File Name |
|---|---|
| Server-side plugin | None, see discussion |
| Client-side plugin | mysql_clear_password |
| Library file | None (plugin is built in) |
With many MySQL authentication methods, the client performs hashing or encryption of the password before sending it to the server. This enables the client to avoid sending the password in clear text.
Hashing or encryption cannot be done for authentication schemes
that require the server to receive the password as entered on
the client side. In such cases, the client-side
mysql_clear_password plugin is used to send
the password to the server in clear text. There is no
corresponding server-side plugin. Rather, the client-side plugin
can be used by any server-side plugin that needs a cleartext
password. (Examples are the PAM and simple LDAP authentication
plugins; see Section 6.5.1.5, “PAM Pluggable Authentication”, and
Section 6.5.1.7, “LDAP Pluggable Authentication”.)
The following discussion provides usage information specific to clear text pluggable authentication. For For general information about pluggable authentication in MySQL, see Section 6.3.10, “Pluggable Authentication”.
Sending passwords in clear text may be a security problem in some configurations. To avoid problems if there is any possibility that the password would be intercepted, clients should connect to MySQL Server using a method that protects the password. Possibilities include SSL (see Section 6.4, “Using Encrypted Connections”), IPsec, or a private network.
To make inadvertent use of the
mysql_clear_password plugin less likely,
MySQL clients must explicitly enable it. This can be done in
several ways:
Set the
LIBMYSQL_ENABLE_CLEARTEXT_PLUGINenvironment variable to a value that begins with1,Y, ory. This enables the plugin for all client connections.The mysql, mysqladmin, mysqlcheck, mysqldump, mysqlshow, and mysqlslap client programs support an
--enable-cleartext-pluginoption that enables the plugin on a per-invocation basis.The
mysql_options()C API function supports aMYSQL_ENABLE_CLEARTEXT_PLUGINoption that enables the plugin on a per-connection basis. Also, any program that useslibmysqlclientand reads option files can enable the plugin by including anenable-cleartext-pluginoption in an option group read by the client library.
Traduction non disponible
Le manuel MySQL n'est pas encore traduit en français sur l'infobrol. Seule la version anglaise est disponible pour l'instant.
Document créé le 26/06/2006, dernière modification le 26/10/2018
Source du document imprimé : https://www.gaudry.be/mysql-rf-cleartext-pluggable-authentication.html
L'infobrol est un site personnel dont le contenu n'engage que moi. Le texte est mis à disposition sous licence CreativeCommons(BY-NC-SA). Plus d'info sur les conditions d'utilisation et sur l'auteur.
Références
Ces références et liens indiquent des documents consultés lors de la rédaction de cette page, ou qui peuvent apporter un complément d'information, mais les auteurs de ces sources ne peuvent être tenus responsables du contenu de cette page.
L'auteur de ce site est seul responsable de la manière dont sont présentés ici les différents concepts, et des libertés qui sont prises avec les ouvrages de référence. N'oubliez pas que vous devez croiser les informations de sources multiples afin de diminuer les risques d'erreurs.
