Database Account Two-Factor Authentication (2FA)
MariaDB SkySQL supports database account 2FA (two-factor authentication) as an option:
This feature is not enabled by default. By default, database users are authenticated by single factor, password.
When enabled, users are authenticated by password and a second factor via PAM.
Database Account 2FA is available to Power Tier customers.
Single Node Analytics
Single Node Transactions
Enable Database Account 2FA
Service Configuration for PHP
When database account 2FA is enabled for a SkySQL service that uses MariaDB Enterprise Server, the service requires extra configuration to accept connections from PHP.
By default, Enterprise Server's
pam authentication plugin tells the client to provide the password or authentication token using the
dialog client authentication plugin. PHP does not currently support the
dialog client authentication plugin, so PHP applications can not authenticate via
pam with the default service configuration. When authentication is attempted, a warning or error is raised with the following message:
mysqli_connect(): The server requested authentication method unknown to the client [dialog] in SOURCE_FILE on line SOURCE_LINE
However, PHP does support the
mysql_clear_password client authentication plugin, which can be used instead of the
dialog client authentication plugin.
MariaDB Enterprise Server can be configured to use
mysql_clear_password instead of
dialog by enabling the
pam_use_cleartext_plugin system variable. The
pam_use_cleartext_plugin system variable can be enabled as a custom configuration. For more information, contact MariaDB Support.