MariaDB starting with 5.2.0

This plugin first appeared in MariaDB 5.2.0.


This plugin allows the user to use operating system credentials when connecting to MariaDB via Unix socket. It works by retrieving uid of the process that has connected to the socket (using the getsockopt(..., SO_PEERCRED, ...) call) and allowing to connect to the MariaDB account with the corresponding user name. See Plugin SQL Statements for information about using plugins in general and the Pluggable Authentication for authentication plugins details.

To install the plugin, use:

INSTALL PLUGIN unix_socket SONAME 'auth_socket';

The UNIX_SOCKET plugin is installed by default in new installs of Ubuntu 15.10 and later, and Debian testing.


$ mysql -uroot
MariaDB []> CREATE USER serg IDENTIFIED VIA unix_socket;
MariaDB []> CREATE USER monty IDENTIFIED VIA unix_socket;
MariaDB []> quit
$ whoami
$ mysql --user=serg
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.2.0-MariaDB-alpha-debug Source distribution
MariaDB []> quit
$ mysql --user=monty
ERROR 1045 (28000): Access denied for user 'monty'@'localhost' (using password: NO)

In this example, a user serg is already logged into the system and has full shell access. Because he has identified himself to the operating system, he does not need to do it again for the database MariaDB trusts operating system credentials. But he cannot connect to the database as another user.

Resetting Authentication to Old Style (Password is Required)

mysql --user=root --host=localhost

ALTER USER root@localhost identified with 'mysql_native_password';
SET PASSWORD = password('foo');

Note that this may break scripts used by your OS distribution. You may be able to fix that by writing the following lines into your /root/.my.cnf file:


See Also


Comments loading...