A client-side authentication plugin is available that enables clients to send passwords to the server as cleartext, without hashing or encryption. This plugin is built into the MySQL client library.客户端身份验证插件可用,使客户端能够以明文形式向服务器发送密码,而无需哈希或加密。此插件内置于MySQL客户端库中。
The following table shows the plugin name.下表显示了插件名称。
Table 6.15 Plugin and Library Names for Cleartext Authentication明文身份验证的插件和库名称
mysql_clear_password |
|
Many client-side authentication plugins perform hashing or encryption of a password before the client sends it to the server. This enables clients to avoid sending passwords as cleartext.许多客户端身份验证插件在客户端将密码发送到服务器之前对密码进行哈希或加密。这使客户端能够避免以明文形式发送密码。
Hashing or encryption cannot be done for authentication schemes that require the server to receive the password as entered on the client side. 对于要求服务器接收在客户端输入的密码的身份验证方案,无法进行哈希或加密。In such cases, the client-side 在这种情况下,使用客户端mysql_clear_password plugin is used, which enables the client to send the password to the server as cleartext. mysql_clear_password插件,它使客户端能够以明文形式将密码发送到服务器。There is no corresponding server-side plugin. Rather, 没有相应的服务器端插件。相反,mysql_clear_password can be used on the client side in concert with any server-side plugin that needs a cleartext password. mysql_clear_password可以在客户端与任何需要明文密码的服务器端插件配合使用。(Examples are the PAM and simple LDAP authentication plugins; see Section 6.4.1.5, “PAM Pluggable Authentication”, and Section 6.4.1.7, “LDAP Pluggable Authentication”.)(例如PAM和简单的LDAP身份验证插件;请参阅第6.4.1.5节,“PAM可插拔身份验证”和第6.4.1.7节,“LDAP可插拔身份认证”。)
The following discussion provides usage information specific to cleartext pluggable authentication. For general information about pluggable authentication in MySQL, see Section 6.2.17, “Pluggable Authentication”.以下讨论提供了特定于明文可插拔身份验证的使用信息。有关MySQL中可插拔身份验证的一般信息,请参阅第6.2.17节,“可插拔身份认证”。
Sending passwords as cleartext may be a security problem in some configurations. To avoid problems if there is any possibility that the password would be intercepted, clients should connect to MySQL Server using a method that protects the password. 在某些配置中,以明文形式发送密码可能是一个安全问题。为了避免密码被拦截的可能性,客户端应使用保护密码的方法连接到MySQL服务器。Possibilities include SSL (see Section 6.3, “Using Encrypted Connections”), IPsec, or a private network.可能性包括SSL(参阅第6.3节,“使用加密连接”)、IPsec或专用网络。
To make inadvertent use of the 为了减少无意中使用mysql_clear_password plugin less likely, MySQL clients must explicitly enable it. This can be done in several ways:mysql_clear_password插件的可能性,mysql客户端必须显式启用它。这可以通过多种方式实现:
Set the 将LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN environment variable to a value that begins with 1, Y, or y. This enables the plugin for all client connections.LIBMYzhenENABLE_CLEARTEXT_PLUGIN环境变量设置为以1、Y或y开头的值。这将为所有客户端连接启用插件。
The mysql, mysqladmin, mysqlcheck, mysqldump, mysqlshow, and mysqlslap client programs support an mysql、mysqladmin、mysqlcheck、mysqldump、mysqlshow和mysqlslap客户端程序支持--enable-cleartext-plugin option that enables the plugin on a per-invocation basis.--enable-cleartext-plugin选项,该选项在每次调用的基础上启用插件。
The mysql_options() C API function supports a MYSQL_ENABLE_CLEARTEXT_PLUGIN option that enables the plugin on a per-connection basis. mysql_options()C API函数支持一个MYSQL_ENABLE_CLEARTEXT_PLUGIN选项,该选项在每次连接的基础上启用插件。Also, any program that uses 此外,任何使用libmysqlclient and reads option files can enable the plugin by including an enable-cleartext-plugin option in an option group read by the client library.libmysqlclient并读取选项文件的程序都可以通过在客户端库读取的选项组中包含enable-cleartext-plugin选项来启用插件。