How to Use MySQL Without a Password (and Without Security Risks)


They say the best password is the one you don't have to remember. In the case of MySQL this is possible thanks to the auth_socket plugin and its MariaDB counterpart, unix_socket.

Neither of these plugins is new; they have been discussed a lot on this blog, for example in the article on how to change passwords in MySQL 5.7 using the auth_socket plugin. However, while looking at what is new in MariaDB 10.4, I found that unix_socket is now installed by default and is one of the authentication methods ("one of", because in MariaDB 10.4 more than one plugin is available per user for authentication, which is explained in the "Authentication" document from MariaDB 10.04).

As I said, this is not news: when MySQL is installed from the .deb packages maintained by the Debian team, the root user is created with socket authentication. This is true for both MySQL and MariaDB.

root@app:~# apt-cache show mysql-server-5.7 | grep -i maintainers
Original-Maintainer: Debian MySQL Maintainers <[email protected]>

With the Debian packages for MySQL, the root user is authenticated as follows:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.27-0ubuntu0.16.04.1 (Ubuntu)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user = 'root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.01 sec)

The same is the case with the .deb package for MariaDB:

10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

MariaDB [(none)]> show grants;
+------------------------------------------------------------------------------------------------+
| Grants for root@localhost                                                                      |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION                                  |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

The .deb packages from the official Percona repository also configure root user authentication via auth-socket for Percona Server. Here is an example with Percona Server for MySQL 8.0.16-7 and Ubuntu 16.04:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.16-7 Percona Server (GPL), Release '7', Revision '613e312'

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

So what is the magic? The plugin checks that the Linux user matches the MySQL user, using the SO_PEERCRED socket option to collect information about the user running the client program. The plugin can therefore only be used on systems that support the SO_PEERCRED option, such as Linux. The SO_PEERCRED socket option lets you find out the uid of the process connected to the socket. The plugin then gets the username associated with that uid.

Here is an example with the "vagrant" user:

vagrant@mysql1:~$ whoami
vagrant
vagrant@mysql1:~$ mysql
ERROR 1698 (28000): Access denied for user 'vagrant'@'localhost'

Since there is no "vagrant" user in MySQL, we are denied access. Let's create such a user and try again:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket;
Query OK, 0 rows affected (0.00 sec)

vagrant@mysql1:~$ mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 45
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show grants;
+---------------------------------------------------------------------------------+
| Grants for vagrant@localhost                                                    |
+---------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket |
+---------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Success!

Well, what about non-Debian distributions, where this is not provided by default? Let's try Percona Server for MySQL 8 installed on CentOS 7:

mysql> show variables like '%version%comment';
+-----------------+---------------------------------------------------+
| Variable_name   | Value                                             |
+-----------------+---------------------------------------------------+
| version_comment | Percona Server (GPL), Release 7, Revision 613e312 |
+-----------------+---------------------------------------------------+
1 row in set (0.01 sec)

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
ERROR 1524 (HY000): Plugin 'auth_socket' is not loaded

Bummer. What is missing? The plugin is not loaded:

mysql> pager grep socket
PAGER set to 'grep socket'
mysql> show plugins;
47 rows in set (0.00 sec)

Let's add the plugin to the running server:

mysql> nopager
PAGER set to stdout
mysql> INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
Query OK, 0 rows affected (0.00 sec)

mysql> pager grep socket; show plugins;
PAGER set to 'grep socket'
| auth_socket                     | ACTIVE | AUTHENTICATION | auth_socket.so | GPL     |
48 rows in set (0.00 sec)

Now we have everything we need. Let's try again:

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'percona'@'localhost';
Query OK, 0 rows affected (0.01 sec)

Now you can log in as the user "percona".

[percona@ip-192-168-1-111 ~]$ whoami
percona
[percona@ip-192-168-1-111 ~]$ mysql -upercona
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 8.0.16-7 Percona Server (GPL), Release 7, Revision 613e312

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='percona';
+---------+-----------+-------------+-----------------------+
| user    | host      | plugin      | authentication_string |
+---------+-----------+-------------+-----------------------+
| percona | localhost | auth_socket |                       |
+---------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

And it worked again!

Question: is it possible to log in under the same percona login, but as a different OS user?

[percona@ip-192-168-1-111 ~]$ logout
[root@ip-192-168-1-111 ~]# mysql -upercona
ERROR 1698 (28000): Access denied for user 'percona'@'localhost'

No, that will not work.

Conclusion

MySQL is quite flexible in many respects, and the authentication method is one of them. As you can see from this post, access can be obtained without a password, based on OS users. This can be useful in certain scenarios, one of which is when migrating from RDS/Aurora with IAM database authentication to regular MySQL: you can still get access, but without passwords.

Source: www.hab.com
