MySQL includes a test plugin that checks account credentials and logs success or failure to the server error log. This is a loadable plugin (not built in) and must be installed prior to use.MySQL包含一个测试插件,用于检查帐户凭据并将成功或失败记录到服务器错误日志中。这是一个可加载的插件(不是内置的),必须在使用前安装。
The test plugin source code is separate from the server source, unlike the built-in native plugin, so it can be examined as a relatively simple example demonstrating how to write a loadable authentication plugin.与内置的本机插件不同,测试插件源代码与服务器源代码是分开的,因此可以将其作为一个相对简单的示例进行检查,演示如何编写可加载的身份验证插件。
This plugin is intended for testing and development purposes, and is not for use in production environments or on servers that are exposed to public networks.此插件用于测试和开发目的,不适用于生产环境或暴露于公共网络的服务器。
The following table shows the plugin and library file names. The file name suffix might differ on your system. 下表显示了插件和库文件名。文件名后缀可能因系统而异。The file must be located in the directory named by the 文件必须位于plugin_dir system variable.plugin_dir系统变量命名的目录中。
Table 6.22 Plugin and Library Names for Test Authentication用于测试身份验证的插件和库名称
test_plugin_server |
|
auth_test_plugin |
|
auth_test_plugin.so |
The following sections provide installation and usage information specific to test pluggable authentication:以下部分提供了特定于测试可插拔身份验证的安装和使用信息:
For general information about pluggable authentication in MySQL, see Section 6.2.17, “Pluggable Authentication”.有关MySQL中可插拔身份验证的一般信息,请参阅第6.2.17节,“可插拔身份认证”。
This section describes how to install the test authentication plugin. For general information about installing plugins, see Section 5.6.1, “Installing and Uninstalling Plugins”.本节介绍如何安装测试身份验证插件。有关安装插件的一般信息,请参阅第5.6.1节,“安装和卸载插件”。
To be usable by the server, the plugin library file must be located in the MySQL plugin directory (the directory named by the 为了让服务器使用,插件库文件必须位于MySQL插件目录(由plugin_dir system variable). plugin_dir系统变量命名的目录)中。If necessary, configure the plugin directory location by setting the value of 如有必要,在服务器启动时通过设置plugin_dir at server startup.plugin_dir的值来配置插件目录位置。
To load the plugin at server startup, use the 要在服务器启动时加载插件,请使用--plugin-load-add option to name the library file that contains it. With this plugin-loading method, the option must be given each time the server starts. --plugin-load-add选项命名包含它的库文件。使用此插件加载方法,每次服务器启动时都必须给出该选项。For example, put these lines in the server 例如,将这些行放入服务器my.cnf file, adjusting the .so suffix for your platform as necessary:my.cnf文件中,根据需要调整您的平台的.so后缀:
[mysqld] plugin-load-add=auth_test_plugin.so
After modifying 修改my.cnf, restart the server to cause the new settings to take effect.my.cnf后,重新启动服务器以使新设置生效。
Alternatively, to load the plugin at runtime, use this statement, adjusting the 或者,要在运行时加载插件,请使用以下语句,根据需要调整您的平台的.so suffix for your platform as necessary:.so后缀:
INSTALL PLUGIN test_plugin_server SONAME 'auth_test_plugin.so';
INSTALL PLUGIN loads the plugin immediately, and also registers it in the mysql.plugins system table to cause the server to load it for each subsequent normal startup without the need for --plugin-load-add.INSTALL PLUGIN会立即加载插件,并将其注册到mysql.plugins系统表中,以便服务器在每次后续正常启动时加载它,而不需要--plugin-load-add。
To verify plugin installation, examine the 要验证插件安装,请检查INFORMATION_SCHEMA.PLUGINS table or use the SHOW PLUGINS statement (see Section 5.6.2, “Obtaining Server Plugin Information”). For example:INFORMATION_SCHEMA.PLUGINS表或使用SHOW PLUGINS语句(请参阅第5.6.2节,“获取服务器插件信息”)。例如:
mysql>SELECT PLUGIN_NAME, PLUGIN_STATUSFROM INFORMATION_SCHEMA.PLUGINSWHERE PLUGIN_NAME LIKE '%test_plugin%';+--------------------+---------------+ | PLUGIN_NAME | PLUGIN_STATUS | +--------------------+---------------+ | test_plugin_server | ACTIVE | +--------------------+---------------+
If the plugin fails to initialize, check the server error log for diagnostic messages.如果插件初始化失败,请检查服务器错误日志中的诊断消息。
To associate MySQL accounts with the test plugin, see Using Test Pluggable Authentication.要将MySQL帐户与测试插件相关联,请参阅使用测试可插拔身份验证。
The method used to uninstall the test authentication plugin depends on how you installed it:卸载测试身份验证插件的方法取决于您的安装方式:
If you installed the plugin at server startup using a 如果您在服务器启动时使用--plugin-load-add option, restart the server without the option.--plugin-load-add选项安装了插件,请在不使用该选项的情况下重新启动服务器。
If you installed the plugin at runtime using an 如果您在运行时使用INSTALL PLUGIN statement, it remains installed across server restarts. To uninstall it, use UNINSTALL PLUGIN:INSTALL PLUGIN语句安装了插件,则它在服务器重新启动时仍会安装。要卸载它,请使用UNINSTALL PLUGIN:
UNINSTALL PLUGIN test_plugin_server;
To use the test authentication plugin, create an account and name that plugin in the 要使用测试身份验证插件,请创建一个帐户,并在IDENTIFIED WITH clause:IDENTIFIED WITH子句中为该插件命名:
CREATE USER 'testuser'@'localhost'
IDENTIFIED WITH test_plugin_server
BY 'testpassword';
Then provide the 然后在连接到服务器时为该帐户提供--user and --password options for that account when you connect to the server. For example:--user和--password选项。例如:
shell>mysql --user=testuser --passwordEnter password:testpassword
The plugin fetches the password as received from the client and compares it with the value stored in the 插件从客户端获取密码,并将其与authentication_string column of the account row in the mysql.user system table. mysql.user系统表中帐户行的authentication_string列中存储的值进行比较。If the two values match, the plugin returns the 如果这两个值匹配,插件将返回authentication_string value as the new effective user ID.authentication_string值作为新的有效用户ID。
You can look in the server error log for a message indicating whether authentication succeeded (notice that the password is reported as the “user”):您可以在服务器错误日志中查找指示身份验证是否成功的消息(请注意,密码被报告为“用户”):
[Note] Plugin test_plugin_server reported:
'successfully authenticated user testpassword'