The Ultimate Guide to High Availability with MariaDB

socket_peercred authentication plugin

You are viewing an old version of this article. View the current version here.

Description

This plugin allows the user to use operating system credentials when connecting to MariaDB via Unix socket. It works by retrieving uid of the process that has connected to the socket (using the getsockopt(..., SO_PEERCRED, ...) call) and allowing to connect to the MariaDB account with the corresponding user name. See Pluggable Authentication for details on using authentication plugins.

This plugin first appeared in MariaDB 5.2.0.

Examples

MariaDB [root]> CREATE USER serg IDENTIFIED VIA socket_peercred;
Query OK, 0 rows affected (0.01 sec)
MariaDB [root]> CREATE USER monty IDENTIFIED VIA socket_peercred;
Query OK, 0 rows affected (0.01 sec)
MariaDB [root]> quit
Bye
$ whoami
serg
$ mysql --user=serg
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.2.0-MariaDB-alpha-debug Source distribution
MariaDB []> quit
Bye
$ mysql --user=monty
ERROR 1045 (28000): Access denied for user 'monty'@'localhost' (using password: NO)

In this example, a user serg is already logged into the system and has full shell access. Because he has identified himself to the operating system, he does not need to do it again for the database MariaDB trusts operating system credentials. But he cannot connect to the database as another user.

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.