socket_peercred authentication plugin
Description
This plugin allows the user to use operating system credentials when connecting to MariaDB via Unix socket. It works by retrieving uid of the process that has connected to the socket (using the
getsockopt(..., SO_PEERCRED, ...)
call) and allowing to connect to the MariaDB account with the corresponding user name. See Pluggable Authentication for details on using authentication plugins.
This plugin first appeared in MariaDB 5.2.0.
Examples
MariaDB [root]> CREATE USER serg IDENTIFIED VIA socket_peercred; Query OK, 0 rows affected (0.01 sec) MariaDB [root]> CREATE USER monty IDENTIFIED VIA socket_peercred; Query OK, 0 rows affected (0.01 sec) MariaDB [root]> quit Bye $ whoami serg $ mysql --user=serg Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 2 Server version: 5.2.0-MariaDB-alpha-debug Source distribution MariaDB []> quit Bye $ mysql --user=monty ERROR 1045 (28000): Access denied for user 'monty'@'localhost' (using password: NO)
In this example, a user serg
is already logged into the system and has full shell access. Because he has identified himself to the operating system, he does not need to do it again for the database — MariaDB trusts operating system credentials. But he cannot connect to the database as another user.