Authentication

Authentication is any process by which you verify that someone is who they claim they are. [1]

Drizzle authentication is handled by plugins; by default there is no single source where users are defined, such as a system user table, but each authentication plugin will use different sources to verify the usernames and passwords. (The plugin auth_schema does however keep users in a table inside Drizzle, much like the familiar MySQL way of authenticating users works.). Choosing an authentication plugin, configuring it, and disabling all other authentication plugins should be one of your first administrative tasks.

One or more authentication plugins must be loaded, else no connections can be made to Drizzle. On most systems, the Allow All Authentication plugin is loaded by default which, as its name suggests, allows all connections regardless of username or password. (Some distributions enable the File-based Authentication plugin by default instead).

The Schema Authentication plugin first shipped with Drizzle 7.1 Beta 2011.10.28. This plugin provides an authentication method that is both secure and easy to use, and it is similar to how MySQL authentication works so will be familiar to many users. If you don’t know which authentication plugin to use, you should start with configuring Schema Authentication. Likewise we warmly recommend distributors to consider enabling this plugin by default.

The following authentication plugins are included with Drizzle:

Protocols

Drizzle has three protocols which affect how clients send passwords to MySQL:

Protocol Password
mysql Encrypted
mysql-plugin-auth Plaintext
drizzle (Not used)

These protocols correspond to the drizzle Command Line Client –protocol option.

The mysql protocol is default, but some authentication plugins require the mysql-plugin-auth protocol:

Plugin Protocol
Allow All Authentication Any
File-based Authentication mysql
HTTP Authentication mysql-plugin-auth
LDAP Authentication Any
PAM Authenication mysql-plugin-auth
Schema Authentication mysql

Footnotes

[1]Authentication, Authorization, and Access Control

Table Of Contents

Previous topic

drizzled Process

Next topic

Authorization

This Page