The named_pipe authentication plugin allows Windows users connecting via named pipes to authenticate using their operating system credentials without a password.
The named_pipe authentication plugin allows the user to use operating system credentials when connecting to MariaDB via named pipe on Windows. Named pipe connections are enabled by the named_pipe system variable.
The named_pipe authentication plugin works by using named pipe impersonation and calling GetUserName() to retrieve the user name of the process that is connected to the named pipe. Once it has the user name, it authenticates the connecting user as the MariaDB account that has the same user name.
Although the plugin's shared library is distributed with MariaDB by default, the plugin is not actually installed by MariaDB by default. There are two methods that can be used to install the plugin with MariaDB.
The first method can be used to install the plugin without restarting the server. You can install the plugin dynamically by executing or :
The second method can be used to tell the server to load the plugin when it starts up. The plugin can be installed this way by providing the or the options. This can be specified as a command-line argument to mariadbd, or it can be specified in a relevant server in an :
You can uninstall the plugin dynamically by executing or :
If you installed the plugin by providing the or the options in a relevant server in an , those options should be removed to prevent the plugin from being loaded the next time the server is restarted.
To create a user account via , specify the name of the plugin in the clause:
If does not have NO_AUTO_CREATE_USER set, then you can also create the user account via :
The named_pipe authentication plugin does not require any specific client authentication plugins. It should work with all clients.
The named_pipe authentication plugin does not require any special support in client libraries. It should work with all client libraries.
In this example, a user wlad is already logged into the system. Because he has identified himself to the operating system, he does not need to do it again for the database — MariaDB trusts the operating system credentials. However, he cannot connect to the database as another user.
named_pipeDescription: Controls how the server should treat the plugin when the server starts up.
Valid values are:
OFF - Disables the plugin without removing it from the table.
This page is licensed: CC BY-SA / Gnu FDL
ON - Enables the plugin. If the plugin cannot be initialized, then the server will still continue starting up, but the plugin will be disabled.FORCE - Enables the plugin. If the plugin cannot be initialized, then the server will fail to start with an error.
FORCE_PLUS_PERMANENT - Enables the plugin. If the plugin cannot be initialized, then the server will fail to start with an error. In addition, the plugin cannot be uninstalled with UNINSTALL SONAME or UNINSTALL PLUGIN while the server is running.
See Plugin Overview: Configuring Plugin Activation at Server Startup for more information.
There may be ambiguity between this option and the named_pipe system variable. See MDEV-19625 about that.
Command line: --named-pipe=value
Data Type: enumerated
Default Value: ON
Valid Values: OFF, ON, FORCE, FORCE_PLUS_PERMANENT
Introduced: MariaDB 10.1.11
INSTALL SONAME 'auth_named_pipe';[mariadb]
...
plugin_load_add = auth_named_pipeUNINSTALL SONAME 'auth_named_pipe';CREATE USER username@hostname IDENTIFIED VIA named_pipe;GRANT SELECT ON db.* TO username@hostname IDENTIFIED VIA named_pipe;CREATE USER wlad IDENTIFIED VIA named_pipe;
CREATE USER monty IDENTIFIED VIA named_pipe;
quit
C:\>echo %USERNAME%
wlad
C:\> mysql --user=wlad --protocol=PIPE
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.12-MariaDB-debug Source distribution
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> quit
Bye
C:\> mysql --user=monty --protocol=PIPE
ERROR 1698 (28000): Access denied for user 'monty'@'localhost'