Schema Authentication

auth_schema is an authentication plugin that authenticates connections using a MySQL-like table with SHA1 password hashes. Unlike MySQL, the auth table is not built-in and there are no default or anonymous users. Since a user must authenticate to create the auth table but no users can authenticate until the auth table is created, this circular dependency is resolved by temporarily using another authentication plugin. See the Examples.

Note

Unload the Allow All Authentication plugin before using this plugin.

See also

Authentication

Loading

To load this plugin, start drizzled with:

--plugin-add=auth_schema

Loading the plugin may not enable or configure it. See the plugin’s Configuration and Variables.

See also

Plugin Options for more information about adding and removing plugins.

Configuration

These command line options configure the plugin when drizzled is started. See Command Line Options for more information about specifying command line options.

--auth-schema.table ARG
Default: auth.users
Variable: auth_schema_table

Schema-qualified table with user and password columns. Quoting the auth table in backticks is optional. The auth table name can only contain one period between the schema name and the table name.

Variables

These variables show the running configuration of the plugin. See variables for more information about querying and setting variables.

  • auth_schema_enabled

    Scope: Global
    Dynamic: Yes
    Option:

    Whether auth_schema is enabled or disabled. If the plugin is disabled, all authentication is denied.

  • auth_schema_table

    Scope: Global
    Dynamic: Yes
    Option: --auth-schema.table

    Schema-qualified table with user and password columns.

Examples

Start Drizzle with the default Allow All Authentication plugin and create the initial auth schema and table:

CREATE SCHEMA auth;
USE auth;
CREATE TABLE users (
   user     VARCHAR(255) NOT NULL,
   password VARCHAR(40),
   UNIQUE INDEX user_idx (user)
);

Create a user account called susan with password herpass:

INSERT INTO auth.users (user, password) VALUES ('susan', MYSQL_PASSWORD('herpass'));

Restart Drizzle with just the auth_schema plugin:

bin/drizzled --shutdown
sbin/drizzled               \
   --plugin-remove=auth_all \
   --plugin-add=auth_schema

Test that it works:

$ drizzle
ERROR 1045 (28000): Access denied for user 'daniel' (using password: NO)

$ drizzle --user susan
ERROR 1045 (28000): Access denied for user 'susan' (using password: NO)

$ drizzle --user susan --password=wrongpass
ERROR 1045 (28000): Access denied for user 'susan' (using password: YES)

$ drizzle --user=susan --password=herpass
Welcome to the Drizzle client..  Commands end with ; or \g.
...
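
Because every account depends on the contents of the auth table, it is worth auditing an export of that table for rows that hold no hash, a value that is not a hash (for example, a password inserted without MYSQL_PASSWORD()), or a hash shared by several users. The following is an added example, not part of the Drizzle documentation or source. It assumes the stored value is the MySQL 4.1-style SHA1(SHA1(password)) written as 40 uppercase hex digits with no leading '*' (suggested by the VARCHAR(40) column); the function names and sample rows are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

HEX40 = re.compile(r"[0-9A-Fa-f]{40}")

def mysql_style_hash(password: str) -> str:
    """Return SHA1(SHA1(password)) as 40 uppercase hex digits.
    Assumption: this matches what MYSQL_PASSWORD() stores, without
    the leading '*' that MySQL itself prepends."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return hashlib.sha1(inner).hexdigest().upper()

def audit_rows(rows):
    """rows: (user, password) tuples exported from the auth table.
    Returns a dict mapping each finding to a sorted list of users."""
    findings = {"no_hash": [], "malformed": [], "shared_hash": []}
    by_hash = defaultdict(list)
    for user, pw in rows:
        if pw is None or pw == "":
            findings["no_hash"].append(user)      # column allows NULL
        elif not HEX40.fullmatch(pw):
            findings["malformed"].append(user)    # not a 40-digit hex hash
        else:
            by_hash[pw.upper()].append(user)
    for users in by_hash.values():
        if len(users) > 1:                        # unsalted: same password, same hash
            findings["shared_hash"].extend(users)
    return {name: sorted(users) for name, users in findings.items()}

# Constructed sample rows, not taken from a real server.
SAMPLE_ROWS = [
    ("susan", mysql_style_hash("herpass")),
    ("bob", mysql_style_hash("herpass")),
    ("carol", None),
    ("dave", "herpass"),
    ("erin", mysql_style_hash("another-pass")),
]

if __name__ == "__main__":
    for finding, users in audit_rows(SAMPLE_ROWS).items():
        print(finding, users)
```
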

Authors

Daniel Nichter

Version

This documentation applies to auth_schema 1.0.

To see which version of the plugin a Drizzle server is running, execute:

SELECT MODULE_VERSION FROM DATA_DICTIONARY.MODULES WHERE MODULE_NAME='auth_schema';

Changelog

v1.0

  • First release.
