When a client connects to the MySQL server, the server uses the user name provided by the client and the client host to select the appropriate account row from the 当客户端连接到MySQL服务器时,服务器使用客户端和客户端主机提供的用户名从mysql.user system table. mysql.user系统表中选择适当的帐户行。The server then authenticates the client, determining from the account row which authentication plugin applies to the client:然后,服务器对客户端进行身份验证,从帐户行中确定哪个身份验证插件应用于客户端:
If the server cannot find the plugin, an error occurs and the connection attempt is rejected.如果服务器找不到插件,则会发生错误,连接尝试将被拒绝。
Otherwise, the server invokes that plugin to authenticate the user, and the plugin returns a status to the server indicating whether the user provided the correct password and is permitted to connect.否则,服务器调用该插件对用户进行身份验证,插件向服务器返回一个状态,指示用户是否提供了正确的密码并被允许连接。
Pluggable authentication enables these important capabilities:可插拔身份验证实现了以下重要功能:
Choice of authentication methods. Pluggable authentication makes it easy for DBAs to choose and change the authentication method used for individual MySQL accounts.身份验证方法的选择。可插拔的身份验证使DBA可以轻松选择和更改用于单个MySQL帐户的身份验证方法。
External authentication. Pluggable authentication makes it possible for clients to connect to the MySQL server with credentials appropriate for authentication methods that store credentials elsewhere than in the 外部身份验证。可插拔身份验证使客户端能够使用适用于身份验证方法的凭据连接到MySQL服务器,这些凭据存储在mysql.user system table. mysql.user系统表以外的其他地方。For example, plugins can be created to use external authentication methods such as PAM, Windows login IDs, LDAP, or Kerberos.例如,可以创建插件来使用外部身份验证方法,如PAM、Windows登录ID、LDAP或Kerberos。
Proxy users: If a user is permitted to connect, an authentication plugin can return to the server a user name different from the name of the connecting user, to indicate that the connecting user is a proxy for another user (the proxied user). 代理用户:如果允许用户连接,身份验证插件可以向服务器返回与连接用户名称不同的用户名,以表明连接用户是另一个用户(被代理用户)的代理。While the connection lasts, the proxy user is treated, for purposes of access control, as having the privileges of the proxied user. In effect, one user impersonates another. 在连接持续期间,出于访问控制的目的,代理用户被视为具有被代理用户的权限。实际上,一个用户冒充另一个用户。For more information, see Section 6.2.18, “Proxy Users”.有关更多信息,请参阅第6.2.18节,“代理用户”。
If you start the server with the 如果使用--skip-grant-tables option, authentication plugins are not used even if loaded because the server performs no client authentication and permits any client to connect. --skip-grant-tables选项启动服务器,即使加载了身份验证插件,也不会使用,因为服务器不执行客户端身份验证,只允许任何客户端连接。Because this is insecure, if the server is started with the 因为这是不安全的,如果服务器使用--skip-grant-tables option, it also disables remote connections by enabling skip_networking.--skip-grant-tables选项启动,它也会通过启用skip_networking来禁用远程连接。
MySQL 8.0 provides these authentication plugins:MySQL 8.0提供了以下身份验证插件:
A plugin that performs native authentication; that is, authentication based on the password hashing method in use from before the introduction of pluggable authentication in MySQL. 执行本地身份验证的插件;即MySQL引入可插拔身份验证之前使用的基于密码哈希方法的身份验证。The mysql_native_password plugin implements authentication based on this native password hashing method. mysql_native_password插件基于这种本机密码哈希方法实现身份验证。See Section 6.4.1.1, “Native Pluggable Authentication”.请参阅第6.4.1.1节,“本机可插拔身份验证”。
Plugins that perform authentication using SHA-256 password hashing. 使用SHA-256密码哈希进行身份验证的插件。This is stronger encryption than that available with native authentication. 这是比本机身份验证更强大的加密。See Section 6.4.1.2, “Caching SHA-2 Pluggable Authentication”, and Section 6.4.1.3, “SHA-256 Pluggable Authentication”.请参阅第6.4.1.2节,“缓存SHA-2可插拔身份验证”和第6.4.1.3节,“SHA-256可插拔身份认证”。
A client-side plugin that sends the password to the server without hashing or encryption. 一个客户端插件,无需哈希或加密即可将密码发送到服务器。This plugin is used in conjunction with server-side plugins that require access to the password exactly as provided by the client user. 此插件与服务器端插件结合使用,服务器端插件需要访问客户端用户提供的密码。See Section 6.4.1.4, “Client-Side Cleartext Pluggable Authentication”.请参阅第6.4.1.4节,“客户端明文可插拔身份验证”。
A plugin that performs external authentication using PAM (Pluggable Authentication Modules), enabling MySQL Server to use PAM to authenticate MySQL users. This plugin supports proxy users as well. 一个使用PAM(可插拔身份验证模块)执行外部身份验证的插件,使MySQL服务器能够使用PAM对MySQL用户进行身份验证。此插件也支持代理用户。See Section 6.4.1.5, “PAM Pluggable Authentication”.请参阅第6.4.1.5节,“PAM可插拔身份验证”。
A plugin that performs external authentication on Windows, enabling MySQL Server to use native Windows services to authenticate client connections. 一个在Windows上执行外部身份验证的插件,使MySQL Server能够使用本机Windows服务对客户端连接进行身份验证。Users who have logged in to Windows can connect from MySQL client programs to the server based on the information in their environment without specifying an additional password. 登录到Windows的用户可以根据其环境中的信息从MySQL客户端程序连接到服务器,而无需指定额外的密码。This plugin supports proxy users as well. See Section 6.4.1.6, “Windows Pluggable Authentication”.此插件也支持代理用户。请参阅第6.4.1.6节,“Windows可插拔身份验证”。
Plugins that perform authentication using LDAP (Lightweight Directory Access Protocol) to authenticate MySQL users by accessing directory services such as X.500. These plugins support proxy users as well. 使用LDAP(轻量级目录访问协议)执行身份验证的插件,通过访问X.500等目录服务对MySQL用户进行身份验证。这些插件也支持代理用户。See Section 6.4.1.7, “LDAP Pluggable Authentication”.请参阅第6.4.1.7节,“LDAP可插拔身份验证”。
A plugin that prevents all client connections to any account that uses it. Use cases for this plugin include proxied accounts that should never permit direct login but are accessed only through proxy accounts and accounts that must be able to execute stored programs and views with elevated privileges without exposing those privileges to ordinary users. 一个插件,可阻止所有客户端连接到使用它的任何帐户。此插件的用例包括代理帐户,这些帐户永远不应该允许直接登录,但只能通过代理帐户和帐户访问,这些帐户必须能够以提升的权限执行存储的程序和视图,而不会将这些权限暴露给普通用户。See Section 6.4.1.8, “No-Login Pluggable Authentication”.请参阅第6.4.1.8节,“无登录可插拔身份验证”。
A plugin that authenticates clients that connect from the local host through the Unix socket file. See Section 6.4.1.9, “Socket Peer-Credential Pluggable Authentication”.一个插件,用于对通过Unix套接字文件从本地主机连接的客户端进行身份验证。请参阅第6.4.1.9节,“套接字对等凭据可插拔身份验证”。
A test plugin that checks account credentials and logs success or failure to the server error log. This plugin is intended for testing and development purposes, and as an example of how to write an authentication plugin. 一个测试插件,用于检查帐户凭据并将成功或失败记录到服务器错误日志中。此插件旨在用于测试和开发目的,并作为如何编写身份验证插件的示例。See Section 6.4.1.10, “Test Pluggable Authentication”.请参阅第6.4.1.10节,“测试可插拔身份验证”。
For information about current restrictions on the use of pluggable authentication, including which connectors support which plugins, see Restrictions on Pluggable Authentication.有关使用可插拔身份验证的当前限制的信息,包括哪些连接器支持哪些插件,请参阅可插拔身份认证的限制。
Third-party connector developers should read that section to determine the extent to which a connector can take advantage of pluggable authentication capabilities and what steps to take to become more compliant.第三方连接器开发人员应阅读该部分,以确定连接器在多大程度上可以利用可插拔身份验证功能,以及采取哪些步骤来提高合规性。
If you are interested in writing your own authentication plugins, see Writing Authentication Plugins.如果您有兴趣编写自己的身份验证插件,请参阅编写身份验证插件。
This section provides general instructions for installing and using authentication plugins. 本节提供安装和使用身份验证插件的一般说明。For instructions specific to a given plugin, see the section that describes that plugin under Section 6.4.1, “Authentication Plugins”.有关特定于给定插件的说明,请参阅第6.4.1节,“身份验证插件”下描述该插件的部分。
In general, pluggable authentication uses a pair of corresponding plugins on the server and client sides, so you use a given authentication method like this:一般来说,可插拔身份验证在服务器端和客户端使用一对相应的插件,因此您可以使用如下给定的身份验证方法:
If necessary, install the plugin library or libraries containing the appropriate plugins. On the server host, install the library containing the server-side plugin, so that the server can use it to authenticate client connections. 如有必要,安装包含相应插件的一个或多个插件库。在服务器主机上,安装包含服务器端插件的库,以便服务器可以使用它来验证客户端连接。Similarly, on each client host, install the library containing the client-side plugin for use by client programs. Authentication plugins that are built in need not be installed.同样,在每个客户端主机上,安装包含客户端插件的库,供客户端程序使用。无需安装内置的身份验证插件。
For each MySQL account that you create, specify the appropriate server-side plugin to use for authentication. If the account is to use the default authentication plugin, the account-creation statement need not specify the plugin explicitly. 对于您创建的每个MySQL帐户,指定用于身份验证的相应服务器端插件。如果帐户要使用默认身份验证插件,则帐户创建语句不需要明确指定插件。The default_authentication_plugin system variable configures the default authentication plugin.default_authentication_plugin系统变量配置默认身份验证插件。
When a client connects, the server-side plugin tells the client program which client-side plugin to use for authentication.当客户端连接时,服务器端插件告诉客户端程序要使用哪个客户端插件进行身份验证。
In the case that an account uses an authentication method that is the default for both the server and the client program, the server need not communicate to the client which client-side plugin to use, and a round trip in client/server negotiation can be avoided.在帐户使用服务器和客户端程序默认的身份验证方法的情况下,服务器不需要向客户端通信要使用哪个客户端插件,可以避免客户端/服务器协商中的往返。
For standard MySQL clients such as mysql and mysqladmin, the 对于mysql和mysqladmin等标准MySQL客户端,可以在命令行上指定--default-auth= option can be specified on the command line as a hint about which client-side plugin the program can expect to use, although the server overrides this if the server-side plugin associated with the user account requires a different client-side plugin.plugin_name--default-auth=plugin_name选项,作为程序可以使用哪个客户端插件的提示,尽管如果与用户帐户关联的服务器端插件需要不同的客户端插件,服务器会覆盖此选项。
If the client program does not find the client-side plugin library file, specify a 如果客户端程序找不到客户端插件库文件,请指定--plugin-dir= option to indicate the plugin library directory location.dir_name--plugin-dir=dir_name选项以指示插件库目录位置。
Pluggable authentication enables flexibility in the choice of authentication methods for MySQL accounts, but in some cases client connections cannot be established due to authentication plugin incompatibility between the client and server.可插拔身份验证使MySQL帐户的身份验证方法选择更加灵活,但在某些情况下,由于客户端和服务器之间的身份验证插件不兼容,无法建立客户端连接。
The general compatibility principle for a successful client connection to a given account on a given server is that the client and server both must support the authentication method required by the account. 客户端成功连接到给定服务器上的给定帐户的一般兼容性原则是,客户端和服务器都必须支持帐户所需的身份验证方法。Because authentication methods are implemented by authentication plugins, the client and server both must support the authentication plugin required by the account.由于身份验证方法是由身份验证插件实现的,因此客户端和服务器都必须支持帐户所需的身份验证插件。
Authentication plugin incompatibilities can arise in various ways. Examples:身份验证插件不兼容可能以各种方式出现。示例:
Connect using a MySQL 5.7 client from 5.7.22 or lower to a MySQL 8.0 server account that authenticates with 使用5.7.22或更低版本的MySQL 5.7客户端连接到MySQL 8.0服务器帐户,该帐户使用caching_sha2_password. caching_sha2_password进行身份验证。This fails because the 5.7 client does not recognize the plugin, which was introduced in MySQL 8.0. 这失败了,因为5.7客户端无法识别MySQL 8.0中引入的插件。(This issue is addressed in MySQL 5.7 as of 5.7.23, when (自5.7.23起,MySQL 5.7中已解决此问题,当时MySQL客户端库和客户端程序中添加了caching_sha2_password client-side support was added to the MySQL client library and client programs.)caching_sha2_password客户端支持。)
Connect using a MySQL 5.7 client to a pre-5.7 server account that authenticates with 使用MySQL 5.7客户端连接到5.7之前的服务器帐户,该帐户使用mysql_old_password. mysql_old_password进行身份验证。This fails for multiple reasons. First, such a connection requires 失败的原因有很多。首先,这样的连接需要--secure-auth=0,这不再是一个受支持的选项。--secure-auth=0, which is no longer a supported option. Even were it supported, the 5.7 client does not recognize the plugin because it was removed in MySQL 5.7.即使支持该插件,5.7客户端也无法识别该插件,因为它在MySQL 5.7中已被删除。
Connect using a MySQL 5.7 client from a Community distribution to a MySQL 5.7 Enterprise server account that authenticates using one of the Enterprise-only LDAP authentication plugins. This fails because the Community client does not have access to the Enterprise plugin.使用MySQL 5.7客户端从社区发行版连接到MySQL 5.7企业版服务器帐户,该帐户使用仅限企业版的LDAP身份验证插件之一进行身份验证。此操作失败,因为社区客户端无权访问企业插件。
In general, these compatibility issues do not arise when connections are made between a client and server from the same MySQL distribution. 一般来说,当来自同一MySQL发行版的客户端和服务器之间建立连接时,不会出现这些兼容性问题。When connections are made between a client and server from different MySQL series, issues can arise. These issues are inherent in the development process when MySQL introduces new authentication plugins or removes old ones. 当来自不同MySQL系列的客户端和服务器之间建立连接时,可能会出现问题。当MySQL引入新的身份验证插件或删除旧插件时,这些问题是开发过程中固有的。To minimize the potential for incompatibilities, regularly upgrade the server, clients, and connectors on a timely basis.为了尽量减少不兼容的可能性,请定期及时升级服务器、客户端和连接器。
Various implementations of the MySQL client/server protocol exist. MySQL客户端/服务器协议存在各种实现。The libmysqlclient C API client library is one implementation. Some MySQL connectors (typically those not written in C) provide their own implementation. libmysqlclientC API客户端库就是一个实现。一些MySQL连接器(通常不是用C编写的)提供了自己的实现。However, not all protocol implementations handle plugin authentication the same way. This section describes an authentication issue that protocol implementors should take into account.然而,并非所有协议实现都以相同的方式处理插件身份验证。本节描述了协议实现者应该考虑的身份验证问题。
In the client/server protocol, the server tells connecting clients which authentication plugin it considers the default. 在客户端/服务器协议中,服务器告诉连接客户端它认为默认的身份验证插件。If the protocol implementation used by the client tries to load the default plugin and that plugin does not exist on the client side, the load operation fails. This is an unnecessary failure if the default plugin is not the plugin actually required by the account to which the client is trying to connect.如果客户端使用的协议实现尝试加载默认插件,而该插件在客户端不存在,则加载操作失败。如果默认插件不是客户端尝试连接的帐户实际需要的插件,则这是一个不必要的失败。
If a client/server protocol implementation does not have its own notion of default authentication plugin and always tries to load the default plugin specified by the server, it fails with an error if that plugin is not available.如果客户端/服务器协议实现没有自己的默认身份验证插件概念,并且总是尝试加载服务器指定的默认插件,如果该插件不可用,则会失败并出现错误。
To avoid this problem, the protocol implementation used by the client should have its own default plugin and should use it as its first choice (or, alternatively, fall back to this default in case of failure to load the default plugin specified by the server). Example:为了避免这个问题,客户端使用的协议实现应该有自己的默认插件,并应将其作为首选(或者,在无法加载服务器指定的默认插件的情况下,回退到此默认插件)。例子:
In MySQL 5.7, 在MySQL 5.7中,libmysqlclient uses as its default choice either mysql_native_password or the plugin specified through the MYSQL_DEFAULT_AUTH option for mysql_options().libmysqlclient使用mysql_native_password或通过mysql_options()的MYIN_default_AUTH选项指定的插件作为默认选择。
When a 5.7 client tries to connect to an 8.0 server, the server specifies 当5.7客户端尝试连接到8.0服务器时,服务器会指定caching_sha2_password as its default authentication plugin, but the client still sends credential details per either mysql_native_password or whatever is specified through MYSQL_DEFAULT_AUTH.caching_sha2_password作为其默认身份验证插件,但客户端仍会根据mysql_native_password或通过MY_RESDEFAULT_AUTH指定的任何内容发送凭据详细信息。
The only time the client loads the plugin specified by the server is for a change-plugin request, but in that case it can be any plugin depending on the user account. In this case, the client must try to load the plugin, and if that plugin is not available, an error is not optional.客户端加载服务器指定的插件的唯一时间是用于更改插件请求,但在这种情况下,根据用户帐户,它可以是任何插件。在这种情况下,客户端必须尝试加载插件,如果该插件不可用,则错误不是可选的。
The first part of this section describes general restrictions on the applicability of the pluggable authentication framework described at Section 6.2.17, “Pluggable Authentication”. 本节的第一部分描述了对第6.2.17节,“可插拔身份验证”中描述的可插入身份验证框架适用性的一般限制。The second part describes how third-party connector developers can determine the extent to which a connector can take advantage of pluggable authentication capabilities and what steps to take to become more compliant.第二部分描述了第三方连接器开发人员如何确定连接器在多大程度上可以利用可插拔身份验证功能,以及采取哪些步骤来提高合规性。
The term “native authentication” used here refers to authentication against passwords stored in the 这里使用的术语“本机身份验证”是指对存储在mysqluser系统表中的密码进行身份验证。这是在实现可插拔身份验证之前,旧MySQL服务器提供的相同身份验证方法。mysql.user system table. This is the same authentication method provided by older MySQL servers, before pluggable authentication was implemented. “Windows native authentication” refers to authentication using the credentials of a user who has already logged in to Windows, as implemented by the Windows Native Authentication plugin (“Windows plugin” for short).“Windows本机身份验证”是指使用已登录到Windows的用户的凭据进行身份验证,由Windows本机认证插件(简称“Windows插件”)实现。
Connector/C++: Clients that use this connector can connect to the server only through accounts that use native authentication.使用此连接器的客户端只能通过使用本机身份验证的帐户连接到服务器。
Exception: A connector supports pluggable authentication if it was built to link to 异常:如果连接器是为了动态(而不是静态)链接到libmysqlclient dynamically (rather than statically) and it loads the current version of libmysqlclient if that version is installed, or if the connector is recompiled from source to link against the current libmysqlclient.libmysqlclient而构建的,并且如果安装了当前版本的libmysqlclient,或者如果连接器从源代码重新编译以链接到当前的libmysqlclients,则它支持可插式身份验证。
For information about writing connectors to handle informatin from the server about the default server-side authentication plugin, see Authentication Plugin Connector-Writing Considerations.有关编写连接器以处理来自服务器的有关默认服务器端身份验证插件的信息,请参阅身份验证插件连接器编写注意事项。
Connector/NET: Clients that use Connector/NET can connect to the server through accounts that use native authentication or Windows native authentication.使用Connector/NET的客户端可以通过使用本机身份验证或Windows本机身份认证的帐户连接到服务器。
Connector/PHP: Clients that use this connector can connect to the server only through accounts that use native authentication, when compiled using the MySQL native driver for PHP (当使用PHP的MySQL本机驱动程序(mysqlnd)编译时,使用此连接器的客户端只能通过使用本机身份验证的帐户连接到服务器。mysqlnd).
Windows native authentication:Windows本机身份验证: Connecting through an account that uses the Windows plugin requires Windows Domain setup. Without it, NTLM authentication is used and then only local connections are possible; that is, the client and server must run on the same computer.通过使用Windows插件的帐户连接需要Windows域设置。如果没有它,则使用NTLM身份验证,然后只能进行本地连接;也就是说,客户端和服务器必须在同一台计算机上运行。
Proxy users:代理用户: Proxy user support is available to the extent that clients can connect through accounts authenticated with plugins that implement proxy user capability (that is, plugins that can return a user name different from that of the connecting user). 代理用户支持的范围是,客户端可以通过使用实现代理用户功能的插件(即可以返回与连接用户不同的用户名的插件)进行身份验证的帐户进行连接。For example, the PAM and Windows plugins support proxy users. The 例如,PAM和Windows插件支持代理用户。mysql_native_password and sha256_password authentication plugins do not support proxy users by default, but can be configured to do so; see Server Support for Proxy User Mapping.mysql_native_password和sha256_password身份验证插件默认不支持代理用户,但可以配置为支持代理用户;请参阅代理用户映射的服务器支持。
Replication: Replicas can not only employ replication user accounts using native authentication, but can also connect through replication user accounts that use nonnative authentication if the required client-side plugin is available. :副本不仅可以使用使用本机身份验证的复制用户帐户,而且如果所需的客户端插件可用,还可以通过使用非本机身份认证的复制用户帐号进行连接。If the plugin is built into 如果插件内置于libmysqlclient, it is available by default. Otherwise, the plugin must be installed on the replica side in the directory named by the replica's plugin_dir system variable.libmysqlclient中,则默认情况下可用。否则,插件必须安装在副本侧的副本plugin_dir系统变量命名的目录中。
FEDERATED tables:桌子: A FEDERATED table can access the remote table only through accounts on the remote server that use native authentication.FEDERATED表只能通过远程服务器上使用本机身份验证的帐户访问远程表。
Third-party connector developers can use the following guidelines to determine readiness of a connector to take advantage of pluggable authentication capabilities and what steps to take to become more compliant:第三方连接器开发人员可以使用以下指南来确定连接器是否准备好利用可插拔身份验证功能,以及采取哪些步骤来提高合规性:
An existing connector to which no changes have been made uses native authentication and clients that use the connector can connect to the server only through accounts that use native authentication. 未对其进行更改的现有连接器使用本机身份验证,使用该连接器的客户端只能通过使用本机认证的帐户连接到服务器。However, you should test the connector against a recent version of the server to verify that such connections still work without problem.但是,您应该使用最新版本的服务器测试连接器,以验证此类连接是否仍然正常工作。
Exception: A connector might work with pluggable authentication without any changes if it links to 异常:如果连接器动态(而不是静态)链接到libmysqlclient dynamically (rather than statically) and it loads the current version of libmysqlclient if that version is installed.libmysqlclient,并且如果安装了当前版本的libmysqlclient则加载该版本,则连接器可能无需任何更改即可使用可插拔身份验证。
To take advantage of pluggable authentication capabilities, a connector that is 为了利用可插拔的身份验证功能,应将基于libmysqlclient-based should be relinked against the current version of libmysqlclient. libmysqlclient的连接器与当前版本的libmysqlclient重新链接。This enables the connector to support connections though accounts that require client-side plugins now built into 这使得连接器能够通过需要客户端插件的帐户支持连接,这些插件现在内置在libmysqlclient (such as the cleartext plugin needed for PAM authentication and the Windows plugin needed for Windows native authentication). libmysqlclient中(例如PAM身份验证所需的明文插件和Windows本机身份验证所需要的Windows插件)。Linking with a current 与当前的libmysqlclient also enables the connector to access client-side plugins installed in the default MySQL plugin directory (typically the directory named by the default value of the local server's plugin_dir system variable).libmysqlclient链接还使连接器能够访问安装在默认MySQL插件目录中的客户端插件(通常是由本地服务器的plugin_dir系统变量的默认值命名的目录)。
If a connector links to 如果连接器动态链接到libmysqlclient dynamically, it must be ensured that the newer version of libmysqlclient is installed on the client host and that the connector loads it at runtime.libmysqlclient,则必须确保客户端主机上安装了libmysqlclient的较新版本,并且连接器在运行时加载它。
Another way for a connector to support a given authentication method is to implement it directly in the client/server protocol. Connector/NET uses this approach to provide support for Windows native authentication.连接器支持给定身份验证方法的另一种方式是直接在客户端/服务器协议中实现它。连接器/NET使用这种方法为Windows本机身份验证提供支持。
If a connector should be able to load client-side plugins from a directory different from the default plugin directory, it must implement some means for client users to specify the directory. 如果连接器应该能够从与默认插件目录不同的目录加载客户端插件,那么它必须为客户端用户实现一些指定目录的方法。Possibilities for this include a command-line option or environment variable from which the connector can obtain the directory name. 这可能包括一个命令行选项或环境变量,连接器可以从中获取目录名。Standard MySQL client programs such as mysql and mysqladmin implement a mysql和mysqladmin等标准MySQL客户端程序实现了--plugin-dir option. --plugin-dir选项。See also C API Client Plugin Interface.另请参阅C API客户端插件接口。
Proxy user support by a connector depends, as described earlier in this section, on whether the authentication methods that it supports permit proxy users.如本节前面所述,连接器对代理用户的支持取决于它支持的身份验证方法是否允许代理用户。