This plugin allows the user to use operating system credentials when connecting to MariaDB via Unix socket. It works by retrieving
uid of the process that has connected to the socket (using the
getsockopt(..., SO_PEERCRED, ...) call) and allowing to connect to the MariaDB account with the corresponding user name.
See Plugin SQL Statements for information about using plugins in general and the Pluggable Authentication for authentication plugins details.
To install the plugin, use:
INSTALL PLUGIN unix_socket SONAME 'auth_socket';
The UNIX_SOCKET plugin is installed by default in new installs of Ubuntu 15.10 and later, and Debian testing.
$ mysql -uroot MariaDB > CREATE USER serg IDENTIFIED VIA unix_socket; MariaDB > CREATE USER monty IDENTIFIED VIA unix_socket; MariaDB > quit Bye $ whoami serg $ mysql --user=serg Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 2 Server version: 5.2.0-MariaDB-alpha-debug Source distribution MariaDB > quit Bye $ mysql --user=monty ERROR 1045 (28000): Access denied for user 'monty'@'localhost' (using password: NO)
In this example, a user
serg is already logged into the system and has full shell access. Because he has identified himself to the operating system, he does not need to do it again for the database — MariaDB trusts operating system credentials. But he cannot connect to the database as another user.
Resetting Authentication to Old Style (Password is Required)
mysql --user=root --host=localhost ALTER USER root@localhost identified with 'mysql_native_password'; SET PASSWORD = password('foo'); quit
Note that this may break scripts used by your OS distribution. You may be able to fix that by writing the following lines into your /root/.my.cnf file: