auth_schema is an authentication plugin that authenticates connections using a MySQL-like table with SHA1 password hashes. Unlike MySQL, the auth table is not built-in and there are no default or anonymous users. A user must authenticate to create the auth table, but no user can authenticate until the auth table exists; this circular dependency is resolved by temporarily using another authentication plugin. See the Examples.
Note
Unload the Allow All Authentication plugin before using this plugin.
To load this plugin, start drizzled with:
--plugin-add=auth_schema
Loading the plugin may not enable or configure it. See the plugin’s Configuration and Variables.
See also
Plugin Options for more information about adding and removing plugins.
These command line options configure the plugin when drizzled is started. See Command Line Options for more information about specifying command line options.
--auth-schema.table
Default: auth.users
Variable: auth_schema_table
Schema-qualified table with user and password columns. Quoting the auth table in backticks is optional. The auth table name can only contain one period between the schema name and the table name.
These variables show the running configuration of the plugin. See variables for more information about querying and setting variables.
auth_schema_enabled
Scope: Global
Dynamic: Yes
Option:
Whether auth_schema is enabled or disabled. If the plugin is disabled, all authentication is denied.
auth_schema_table
Scope: Global
Dynamic: Yes
Option: --auth-schema.table
Schema-qualified table with user and password columns.
Start Drizzle with the default Allow All Authentication plugin and create the initial auth schema and table:
CREATE SCHEMA auth;
USE auth;
CREATE TABLE users (
  user VARCHAR(255) NOT NULL,
  password VARCHAR(40),
  UNIQUE INDEX user_idx (user)
);
Create a user account called susan with password herpass:
INSERT INTO auth.users (user, password) VALUES ('susan', MYSQL_PASSWORD('herpass'));
Restart Drizzle with just the auth_schema plugin:
bin/drizzled --shutdown
sbin/drizzled \
  --plugin-remove=auth_all \
  --plugin-add=auth_schema
Test that it works:
$ drizzle
ERROR 1045 (28000): Access denied for user 'daniel' (using password: NO)
$ drizzle --user susan
ERROR 1045 (28000): Access denied for user 'susan' (using password: NO)
$ drizzle --user susan --password=wrongpass
ERROR 1045 (28000): Access denied for user 'susan' (using password: YES)
$ drizzle --user=susan --password=herpass
Welcome to the Drizzle client.. Commands end with ; or \g.
...
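How a table of MySQL-style SHA1 hashes can verify the four logins above without ever seeing the cleartext password, as an added example (not code from the Drizzle project). It assumes auth_schema follows the MySQL 4.1 native scheme, where MYSQL_PASSWORD() is the hex of SHA1(SHA1(password)) and the client answers a random scramble; the function names and the AUTH_USERS row are constructed.

```python
import hashlib
import hmac


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def mysql_password(password: str) -> str:
    """Value stored in the password column: hex of SHA1(SHA1(password))."""
    return sha1(sha1(password.encode())).hex().upper()


def client_token(password: str, scramble: bytes) -> bytes:
    """Client reply: SHA1(password) XOR SHA1(scramble + SHA1(SHA1(password)))."""
    stage1 = sha1(password.encode())
    mask = sha1(scramble + sha1(stage1))
    return bytes(a ^ b for a, b in zip(stage1, mask))


def server_verify(stored_hex, scramble: bytes, token: bytes) -> bool:
    """Check a reply against the stored hash; the cleartext is never needed."""
    # A NULL or malformed hash, or an empty reply ("using password: NO"), is denied.
    if not stored_hex or len(stored_hex) != 40 or len(token) != 20:
        return False
    try:
        stored = bytes.fromhex(stored_hex)
    except ValueError:
        return False
    # Undo the mask to recover the claimed SHA1(password), then hash it once more.
    claimed_stage1 = bytes(a ^ b for a, b in zip(token, sha1(scramble + stored)))
    return hmac.compare_digest(sha1(claimed_stage1), stored)


# Constructed stand-in for the auth.users table from the example above.
AUTH_USERS = {"susan": mysql_password("herpass")}


def login(user: str, password: str, scramble: bytes) -> bool:
    """Simulate one connection attempt; unknown users are denied."""
    token = client_token(password, scramble) if password else b""
    return server_verify(AUTH_USERS.get(user), scramble, token)


if __name__ == "__main__":
    import os
    nonce = os.urandom(20)  # the server picks a fresh scramble per connection
    for user, pw in [("daniel", ""), ("susan", ""), ("susan", "wrongpass"), ("susan", "herpass")]:
        print(user, "accepted" if login(user, pw, nonce) else "denied")
```

Under this scheme the stored value is unsalted, so identical passwords produce identical rows; read access to the auth table should be restricted as tightly as the passwords themselves.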
Daniel Nichter
This documentation applies to auth_schema 1.0.
To see which version of the plugin a Drizzle server is running, execute:
SELECT MODULE_VERSION FROM DATA_DICTIONARY.MODULES WHERE MODULE_NAME='auth_schema'