How the MySQL auth_socket authentication plugin works

Time: 2021-7-30

The auth_socket authentication method works as follows: the client connects to the MySQL server over a socket with the SO_PEERCRED option enabled, and the server determines from the socket whether the system user name running the client is the same as the MySQL user name being logged in. If the names are the same, the login is allowed; if they differ, it is refused. A connection over a socket that does not have the SO_PEERCRED option enabled is also rejected.

SO_PEERCRED is an option that can only be enabled on a UNIX domain socket, which can only be used for local communication. A MySQL user configured with auth_socket therefore cannot log in remotely through the MySQL client, because a remote login uses a TCP/IP socket. And since it is a UNIX domain socket, only Linux and other UNIX-like operating systems can use it. A socket with this option enabled sends the credential information (including the user name) of the connecting side to the target. The MySQL server obtains the credentials and compares the user names to decide whether to allow the login.
