MySQL 8.0.14 新的密码认证方式和客户端链接
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
MySQL8.0在密码认证方式发生了改变,这也是有点小伙伴在MySQL创建了想用的用户,也进行了授权操作,死活连接不上的MySQL的原因,归根究底还是MySQL官方做了优化操作,可以让客户端更快的连接到MySQL数据库,说白了就是加密方式发生了改变!我们在创建用户时需要手动设置认证方式,因为目前主流的MySQL图形化破解版工具,暂时还不支持MySQL8.0默认的密码策略,修改方式可参考官方网站:https://dev.mysql.com/doc/refman/8.0/en/alter-user.html。
一.MySQL8新的密码认证方式
其实在MySQL8.0版本之前,MySQL使用的加密方式是“mysql_native_passowrd",在MySQL8.0之后,加密的方式改为“caching_sha2_password”,从字面意思理解,后者的加密方式应该更高效,以便提升客户端的连接速度。
1>.使用MySQL5.7版本查看用户的加密插件
2>使用MySQL8.0版本查看用户的加密插件
[root@node105 ~]# mysql -uroot -pyinzhengjie mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or g. Your MySQL connection id is 9 Server version: 8.0.14 MySQL Community Server - GPL Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or 'h' for help. Type 'c' to clear the current input statement. mysql> mysql> SELECT user,host,plugin from mysql.user where user='root'; +------+-----------+-----------------------+ | user | host | plugin | +------+-----------+-----------------------+ | root | localhost | caching_sha2_password | +------+-----------+-----------------------+ 1 row in set (0.00 sec) mysql> mysql> quit Bye [root@node105 ~]# [root@node105 ~]#
二.创建两个测试用户
[root@node105 ~]# mysql -uroot -pyinzhengjie mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or g. Your MySQL connection id is 10 Server version: 8.0.14 MySQL Community Server - GPL Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or 'h' for help. Type 'c' to clear the current input statement. mysql> mysql> mysql> CREATE USER yzj@'%' IDENTIFIED BY 'yinzhengjie'; #这里我们没有指定MySQL的plugin的认证方式,MySQL8.0默认的认证方式是caching_sha2_password. Query OK, 0 rows affected (0.01 sec) mysql> mysql> CREATE USER yinzhengjie@'%' IDENTIFIED WITH mysql_native_password BY 'yinzhengjie'; #我们这里指定了MySQL的plugin的认证方式为mysql_native_password. Query OK, 0 rows affected (0.00 sec) mysql> mysql> SELECT user,host,plugin FROM mysql.user; +------------------+-----------+-----------------------+ | user | host | plugin | +------------------+-----------+-----------------------+ | yinzhengjie | % | mysql_native_password | | yzj | % | caching_sha2_password | | mysql.infoschema | localhost | caching_sha2_password | | mysql.session | localhost | caching_sha2_password | | mysql.sys | localhost | caching_sha2_password | | root | localhost | caching_sha2_password | +------------------+-----------+-----------------------+ rows in set (0.00 sec) mysql> mysql> GRANT ALL on *.* TO yzj@'%'; Query OK, 0 rows affected (0.00 sec) mysql> mysql> GRANT ALL on *.* TO yinzhengjie@'%'; Query OK, 0 rows affected (0.01 sec) mysql> mysql> SHOW GRANTS FOR yzj@'%'; +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for yzj@% | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `yzj`@`%` | | GRANT APPLICATION_PASSWORD_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `yzj`@`%` | +----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) mysql> mysql> mysql> mysql> mysql> SHOW GRANTS FOR yinzhengjie@'%'; +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for yinzhengjie@% | +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `yinzhengjie`@`%` | | GRANT APPLICATION_PASSWORD_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `yinzhengjie`@`%` | +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) mysql> mysql>
三.客户端连接(Navicat for MySQL)
1>.使用没有指定plugin的用户来连接数据库(yzj)
2>.使用指定plugin的用户来连接数据库(yinzhengjie)
四.总结
目前市场上主流的客户端连接工具支持的密码认证为“mysql_native_password”,暂时不支持“caching_sha2_password”认证方式。