A MySQL user account must be created or altered with syntax that specifies how the account authenticates. Click the manage connections icon on the home screen to open the Manage Server Connections dialog. With the server requirements satisfied, you can configure the parameters of the named connection from MySQL Workbench. The remainder of this section identifies the settings for each connection method.
Username: User name of the account to be authenticated. If you enter no password here, you are prompted to enter the password when MySQL Workbench attempts to establish the connection. MySQL Workbench can store the password in a vault. Default Schema: When the connection to the server is established, this option sets the schema that becomes the default schema for use in other parts of MySQL Workbench.
For simplicity, you can leave the default schema value blank during the initial setup and set the default value later, if needed. The SSL options for this connection method are the same as the options described in Section 5. Using the GSSAPI security abstraction interface, a connection of this type authenticates to Kerberos to obtain service credentials, then uses those credentials in turn to enable secure access to other services.
LOCAL is the user name. The Path to plugin directory option enables you to specify an alternative path to the client-side plugin. An alternative path might be necessary to ensure that the client-side and server-side plugins remain compatible.
The Native Kerberos connections method authenticates a MySQL user with authentication tokens generated by the kinit command. This way both the user and the server are able to verify each other's identity. No passwords are sent over the network and Kerberos protocol messages are protected against eavesdropping and replay attacks.
For server configuration setup details and an operational overview of Kerberos authentication, see:. Prerequisites for Kerberos Pluggable Authentication. Connection values for the Native Kerberos connection method include:. Hostname: The host name or IP address of the MySQL server with an account that has the Kerberos principal name as the user name and that authenticates using the Kerberos plugin.
The client-side Kerberos authentication plugin combines the user name you provide for example, skylar and the realm specified in the user account for example, MYSQL. For more information, see Section 4. For example, the following command permits you to establish a global session for the user created in the previous example:. MySQL Shell provides the persistent connection option shell. Alternatively, you can override the persistent setting by specifying a path with the non-persistent command-line option --mysql-plugin-dir.
For example, the following command permits you to establish a global session on a Linux host for the user created in the previous example:. Using the Generic Security Service Application Program Interface GSSAPI security abstraction interface, a connection of this type authenticates to Kerberos to obtain service credentials, then uses those credentials in turn to enable secure access to other services. The following command permits you to establish a global session on a Linux host for the user created in the previous example.
You must specify the location of the server's plugin directory, either as the persistent shell. For detailed setup information, see Kerberos Pluggable Authentication.
Kerberos authentication can combine the user name for example, lucy and the realm domain specified in the user account for example, MYSQL. LOCAL , use this statement:.
0コメント