Comments - Authentication Plugin - GSSAPI

8 years, 1 month ago Noel D.

Thanks for the reply!

Well I am certainly not a security expert but I hope the user is derived somehow from the "principal" running the process and not from $USER.

It is good to know that the parameter is optional.

 
8 years, 1 month ago Sergei Golubchik

It is derived from $USER. Alternatively, you can specify

[mysql]
user=usr1

in your /.my.cnf file.

The authentication with the MariaDB server works like this: the command-line client uses a user name that was specified on the command-line (with -u), or in the /.my.cnf file, or in $USER. Then this name is sent to the server, and only then the server can look it up in privilege tables to find out that it needs to use gssapi authentication for this user. At this point the user name is fixed, it's too late to derive it from the principal.

In other words, the logic for deriving the default user name cannot depend on the authentication mechanism.

 
8 years, 1 month ago Noel D.

Once again, thank you very much it is much clearer now!

 
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.