Movatterモバイル変換

Table 8.25 Plugin and Library Names for Socket Peer-Credential Authentication

• Installing Socket Pluggable Authentication

• Uninstalling Socket Pluggable Authentication

• Using Socket Pluggable Authentication

This section describes how to install the socket authentication plugin. For general information about installing plugins, seeSection 7.6.1, “Installing and Uninstalling Plugins”.

To be usable by the server, the plugin library file must be located in the MySQL plugin directory (the directory named by theplugin_dir system variable). If necessary, configure the plugin directory location by setting the value ofplugin_dir at server startup.

To load the plugin at server startup, use the--plugin-load-add option to name the library file that contains it. With this plugin-loading method, the option must be given each time the server starts. For example, put these lines in the servermy.cnf file:

[mysqld]plugin-load-add=auth_socket.so

After modifyingmy.cnf, restart the server to cause the new settings to take effect.

Alternatively, to load the plugin at runtime, use this statement:

INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';

INSTALL PLUGIN loads the plugin immediately, and also registers it in themysql.plugins system table to cause the server to load it for each subsequent normal startup without the need for--plugin-load-add.

To verify plugin installation, examine the Information SchemaPLUGINS table or use theSHOW PLUGINS statement (seeSection 7.6.2, “Obtaining Server Plugin Information”). For example:

mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS       FROM INFORMATION_SCHEMA.PLUGINS       WHERE PLUGIN_NAME LIKE '%socket%';+-------------+---------------+| PLUGIN_NAME | PLUGIN_STATUS |+-------------+---------------+| auth_socket | ACTIVE        |+-------------+---------------+

If the plugin fails to initialize, check the server error log for diagnostic messages.

To associate MySQL accounts with the socket plugin, seeUsing Socket Pluggable Authentication.

The method used to uninstall the socket authentication plugin depends on how you installed it:

The socket plugin checks whether the socket user name (the operating system user name) matches the MySQL user name specified by the client program to the server. If the names do not match, the plugin checks whether the socket user name matches the name specified in theauthentication_string column of themysql.user system table row. If a match is found, the plugin permits the connection. Theauthentication_string value can be specified using anIDENTIFIED ...AS clause withCREATE USER orALTER USER.

Suppose that a MySQL account is created for an operating system user namedvalerie who is to be authenticated by theauth_socket plugin for connections from the local host through the socket file:

CREATE USER 'valerie'@'localhost' IDENTIFIED WITH auth_socket;

If a user on the local host with a login name ofstefanie invokesmysql with the option--user=valerie to connect through the socket file, the server usesauth_socket to authenticate the client. The plugin determines that the--user option value (valerie) differs from the client user's name (stephanie) and refuses the connection. If a user namedvalerie tries the same thing, the plugin finds that the user name and the MySQL user name are bothvalerie and permits the connection. However, the plugin refuses the connection even forvalerie if the connection is made using a different protocol, such as TCP/IP.

To permit both thevalerie andstephanie operating system users to access MySQL through socket file connections that use the account, this can be done two ways:

To access the account, bothvalerie andstephanie specify--user=valerie at connect time.