"Fossies" - the Fresh Open Source Software Archive

Member "drizzle-7.1.36-stable/docs/administration/authentication.rst" (6 May 2012, 3276 Bytes) of package /linux/misc/old/drizzle-7.1.36-stable.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field.

Authentication

Authentication is any process by which you verify that someone is who they claim they are.1

Drizzle authentication is handled by plugins; by default there is no single source where users are defined, such as a system user table, but each authentication plugin will use different sources to verify the usernames and passwords. (The plugin auth_schema does however keep users in a table inside Drizzle, much like the familiar MySQL way of authenticating users works.). Choosing an authentication plugin, configuring it, and disabling all other authentication plugins should be one of your first administrative tasks.

One or more authentication plugins must be loaded, else no connections can be made to Drizzle. On most systems, the /plugins/auth_all/index plugin is loaded by default which, as its name suggests, allows all connections regardless of username or password. (Some distributions enable the /plugins/auth_file/index plugin by default instead).

The /plugins/auth_schema/index plugin first shipped with Drizzle 7.1 Beta 2011.10.28. This plugin provides an authentication method that is both secure and easy to use, and it is similar to how MySQL authentication works so will be familiar to many users. If you don't know which authentication plugin to use, you should start with configuring /plugins/auth_schema/index. Likewise we warmly recommend distributors to consider enabling this plugin by default.

The following authentication plugins are included with Drizzle:

Protocols

Drizzle has three protocols which affect how clients send passwords to MySQL:

Protocol Password
mysql Encrypted
mysql-plugin-auth Plaintext
drizzle (Not used)

These protocols correspond to the drizzle_command_line_client --protocol option.

The mysql protocol is default, but some authentication plugins require the mysql-plugin-auth protocol:

Plugin Protocol
auth_all_plugin Any
auth_file_plugin mysql
auth_http_plugin mysql-plugin-auth
auth_ldap_plugin Any
auth_pam_plugin mysql-plugin-auth
auth_schema_plugin mysql

Footnotes


  1. Authentication, Authorization, and Access Control↩︎