How to Use MySQL Without a Password (and Stay Secure)

They say the best password is the one you don't have to remember. With MySQL this is possible thanks to the auth_socket plugin and its MariaDB counterpart, unix_socket.

Neither of these plugins is new; they have been discussed a lot on this blog, for example in the article on how to change passwords in MySQL 5.7 using the auth_socket plugin. However, while looking at what is new in MariaDB 10.4, I found that unix_socket is now installed by default and is one of the authentication methods ("one of", because in MariaDB 10.4 more than one plugin can be used to authenticate a single user, as described in the "Authentication" document from MariaDB 10.04).

As I said, this is not news: when you install MySQL from the .deb packages maintained by the Debian team, the root user is created to authenticate through the socket. This applies to both MySQL and MariaDB.

root@app:~# apt-cache show mysql-server-5.7 | grep -i maintainers
Original-Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>

With the Debian packages for MySQL, the root user is authenticated as follows:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.27-0ubuntu0.16.04.1 (Ubuntu)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user = 'root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.01 sec)

The same is true of the .deb package for MariaDB:

10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04

MariaDB [(none)]> show grants;
+------------------------------------------------------------------------------------------------+
| Grants for root@localhost                                                                      |
+------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED VIA unix_socket WITH GRANT OPTION |
| GRANT PROXY ON ''@'%' TO 'root'@'localhost' WITH GRANT OPTION                                  |
+------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

The .deb packages from the official Percona repository also configure root user authentication through auth_socket for Percona Server. Here is an example with Percona Server for MySQL 8.0.16-7 and Ubuntu 16.04:

root@app:~# whoami
root
root@app:~# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.16-7 Percona Server (GPL), Release '7', Revision '613e312'

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='root';
+------+-----------+-------------+-----------------------+
| user | host      | plugin      | authentication_string |
+------+-----------+-------------+-----------------------+
| root | localhost | auth_socket |                       |
+------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

So, what is the magic? The plugin checks that the Linux user matches the MySQL user, using the SO_PEERCRED socket option to collect information about the user running the client program. The plugin can therefore only be used on systems that support the SO_PEERCRED option, such as Linux. The SO_PEERCRED socket option lets you determine the UID of the process associated with the socket. The user name associated with that UID is then looked up.
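The check described above, sketched in Python as an added example (it is not the plugin's source and not code from the original post). The function names and the `constructed-other-user` account name are assumptions made for illustration, and a `socketpair()` stands in for a client connected to the server's socket file.

```python
import os
import pwd
import socket
import struct

# Linux "struct ucred" is { pid_t pid; uid_t uid; gid_t gid; }.
UCRED = struct.Struct("iII")


def peer_credentials(sock):
    """Return (pid, uid, gid) the kernel recorded for the peer of a Unix socket."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def os_user_for(uid):
    """Map a UID to its account name, or None if the UID has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


def socket_auth(sock, requested_user):
    """Allow the login only if the peer's OS account name equals the requested name."""
    _pid, uid, _gid = peer_credentials(sock)
    os_user = os_user_for(uid)
    return os_user is not None and os_user == requested_user


def demo():
    # Both ends of the socketpair belong to this process, so the peer UID is our own.
    server_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        _pid, uid, _gid = peer_credentials(server_end)
        me = os_user_for(uid)
        return {
            "peer_uid": uid,
            "own_name": socket_auth(server_end, me) if me else None,
            # Constructed name: asking for any other account is refused.
            "other_name": socket_auth(server_end, "constructed-other-user"),
        }
    finally:
        server_end.close()
        client_end.close()


if __name__ == "__main__":
    print(demo())
```

The client only supplies the requested name; the UID comes from the kernel, so a client cannot claim another account's identity over the socket.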

Here is an example with the user "vagrant":

vagrant@mysql1:~$ whoami
vagrant
vagrant@mysql1:~$ mysql
ERROR 1698 (28000): Access denied for user 'vagrant'@'localhost'

Since there is no "vagrant" user in MySQL, we are denied access. Let's create such a user and try again:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket;
Query OK, 0 rows affected (0.00 sec)

vagrant@mysql1:~$ mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 45
Server version: 10.0.38-MariaDB-0ubuntu0.16.04.1 Ubuntu 16.04
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show grants;
+---------------------------------------------------------------------------------+
| Grants for vagrant@localhost                                                    |
+---------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'vagrant'@'localhost' IDENTIFIED VIA unix_socket |
+---------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Success!

Now, what about non-Debian distributions, where this is not provided by default? Let's try Percona Server for MySQL 8 installed on CentOS 7:

mysql> show variables like '%version%comment';
+-----------------+---------------------------------------------------+
| Variable_name   | Value                                             |
+-----------------+---------------------------------------------------+
| version_comment | Percona Server (GPL), Release 7, Revision 613e312 |
+-----------------+---------------------------------------------------+
1 row in set (0.01 sec)

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
ERROR 1524 (HY000): Plugin 'auth_socket' is not loaded

Bummer. What is missing? The plugin is not loaded:

mysql> pager grep socket
PAGER set to 'grep socket'
mysql> show plugins;
47 rows in set (0.00 sec)

Let's add the plugin at runtime:

mysql> nopager
PAGER set to stdout
mysql> INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';
Query OK, 0 rows affected (0.00 sec)

mysql> pager grep socket; show plugins;
PAGER set to 'grep socket'
| auth_socket                     | ACTIVE | AUTHENTICATION | auth_socket.so | GPL     |
48 rows in set (0.00 sec)

Now we have everything we need. Let's try again:

mysql> CREATE USER 'percona'@'localhost' IDENTIFIED WITH auth_socket;
Query OK, 0 rows affected (0.01 sec)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'percona'@'localhost';
Query OK, 0 rows affected (0.01 sec)

Now you can log in using the username "percona".

[percona@ip-192-168-1-111 ~]$ whoami
percona
[percona@ip-192-168-1-111 ~]$ mysql -upercona
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 8.0.16-7 Percona Server (GPL), Release 7, Revision 613e312

Copyright (c) 2009-2019 Percona LLC and/or its affiliates
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user, host, plugin, authentication_string from mysql.user where user ='percona';
+---------+-----------+-------------+-----------------------+
| user    | host      | plugin      | authentication_string |
+---------+-----------+-------------+-----------------------+
| percona | localhost | auth_socket |                       |
+---------+-----------+-------------+-----------------------+
1 row in set (0.00 sec)

And it worked again!

Question: is it possible to log in with the same percona login, but as a different OS user?

[percona@ip-192-168-1-111 ~]$ logout
[root@ip-192-168-1-111 ~]# mysql -upercona
ERROR 1698 (28000): Access denied for user 'percona'@'localhost'

No, it will not work.

Conclusion

MySQL is quite flexible in many respects, and one of them is the authentication method. As you can see from this post, access can be granted without a password, based on OS users. This can be useful in certain scenarios, one of which is migrating from RDS/Aurora to regular MySQL while using IAM database authentication: you still get access, but without passwords.

Source: www.hab.com
