OSAUTH Privilege

Overview

Grants the ability for the user to be authenticated by the OS.

This allows a SQL user to log in without a password as long as they have been authenticated as the corresponding OS user.

See also: Privileges for MariaDB Xpand 23.09, in 6.1, in 6.0, and in 5.3

See also: Privileges for MariaDB Xpand 6.0 and in 5.3

See also: Privileges for MariaDB Xpand 6.1

USAGE

With MariaDB Xpand, the OSAUTH privilege can be granted using the GRANT statement:

GRANT OSAUTH ON *.* to 'xpand'@'localhost';

DETAILS

  • Scope: Global

  • Privilege name for GRANT: OSAUTH

  • Privilege name for REVOKE: OSAUTH

  • Privilege shown by SHOW GRANTS: OSAUTH

MariaDB Xpand provides the OSAUTH privilege to configure a database user account to be authenticated by the operating system. When a database user account has the OSAUTH privilege, they can log into Xpand without a password as long as they have been authenticated as the corresponding OS user.

The OSAUTH privilege is granted to certain default user accounts:

  • The database management user (xpandm) is granted the OSAUTH privilege to allow clx to be executed without a password

  • The database daemon user (xpand) is granted the OSAUTH privilege to allow statd and Xpand GUI to be used without a password

SYNONYMS

SCHEMA

PARAMETERS

SKYSQL

PRIVILEGES

EXAMPLES

GRANT

The following examples demonstrate grant of a single privilege. A single GRANT statement can grant multiple privileges at the same scope by providing a comma-separated list of the privileges.

To grant the OSAUTH privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME') in the following query to align to your requirements:

GRANT OSAUTH
  ON *.*
  TO 'USERNAME'@'HOSTNAME';

For general guidance on privileges, see "Privileges".

REVOKE

The following examples demonstrate revoke of a single previously-granted privilege. A single REVOKE statement can revoke multiple privileges at the same scope by providing a comma-separated list of the privileges.

To revoke the OSAUTH privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME') in the following query to align to your requirements:

REVOKE OSAUTH
  ON *.*
  FROM 'USERNAME'@'HOSTNAME';

For general guidance on privileges, see "Privileges".

SHOW Output

A user's privileges can be displayed using the SHOW GRANTS statement.

If the OSAUTH privilege is present, it will be shown as OSAUTH in the output. For example:

SHOW GRANTS FOR 'app_user'@'192.0.2.%';

+-----------------------------------------------+
| Grants for app_user@192.0.2.%                 |
+-----------------------------------------------+
| GRANT OSAUTH ON *.* TO 'app_user'@'192.0.2.%' |
+-----------------------------------------------+

Privilege Failure

The OSAUTH privilege results in no failures since it is used for authentication.

ERROR HANDLING

FEATURE INTERACTION

RESPONSES

DIAGNOSIS

ISO 9075:2016

CHANGE HISTORY

Release Series

History

23.09

  • Present starting in MariaDB Xpand 23.09.1.

6.1

  • Present starting in MariaDB Xpand 6.1.0.

6.0

  • Present starting in MariaDB Xpand 6.0.3.

5.3

  • Present starting in MariaDB Xpand 5.3.13.

Release Series

History

6.0

  • Present starting in MariaDB Xpand 6.0.3.

5.3

  • Present starting in MariaDB Xpand 5.3.13.

Release Series

History

6.1

  • Present starting in MariaDB Xpand 6.1.0.

EXTERNAL REFERENCES