
mysql-proxy cleartext passwords

I have MySQL proxy running and I have a Lua script with a function for read_auth(); however, the passwords that are passed during authentication are hashed (as expected).

I require them in a format which I can work with and post onwards, so cleartext. Enabling the cleartext plugin on the MySQL client has no effect; I suspect that MySQL proxy is not demanding that the client send it in cleartext, so it defaults to hashing.

So basically: do you have any ideas on how I would be able to get the clear text authentication details within the read_auth() function of MySQL proxy?

Note: my end goal is to auth with LDAP; however, the only way I can get a password (hashed or not) is by actually binding to LDAP. It cannot be obtained by searching.

The MySQL network protocol does not allow passwords to be sent in clear text; all you could capture is the encrypted version.


However, if you are trying to send (from the client to the server) cleartext, the client side clear text plugin should work...

As of MySQL 5.5.27, to make inadvertent use of this plugin less likely, it is required that clients explicitly enable it. This can be done several ways:

Set the LIBMYSQL_ENABLE_CLEARTEXT_PLUGIN environment variable to a value that begins with 1, Y, or y. This enables the plugin for all client connections.

The mysql, mysqladmin, and mysqlslap client programs support an --enable-cleartext-plugin option that enables the plugin on a per-invocation basis.

The mysql_options() C API function supports a MYSQL_ENABLE_CLEARTEXT_PLUGIN option that enables the plugin on a per-connection basis. Also, any program that uses libmysqlclient and reads option files can enable the plugin by including an enable-cleartext-plugin option in an option group read by the client library.


Alternatively, there are a few other options to authenticate with LDAP. For example, you could use the PAM Authentication Plugin that will let you use any available PAM module to provide authentication services, and there is a pam_ldap module that is easy to configure.

You could also look into using roles and mapping the usernames to roles, so you would have a few roles with permissions and many usernames mapped to those roles. You can find further information on that here.
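Added example, not part of the original question or answer: a Python sketch of the `mysql_native_password` challenge-response, showing why a proxy hook such as read_auth() sees only a per-connection 20-byte token that cannot be forwarded to an LDAP bind. The function names are hypothetical, and the password and nonces are constructed sample values.

```python
import hashlib
import hmac


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stored_hash(password: str) -> bytes:
    """Value the server keeps for the account: SHA1(SHA1(password))."""
    return sha1(sha1(password.encode()))


def client_token(password: str, nonce: bytes) -> bytes:
    """Token the client puts in its handshake response for this nonce."""
    stage1 = sha1(password.encode())
    return xor(stage1, sha1(nonce + sha1(stage1)))


def server_verify(token: bytes, nonce: bytes, stored: bytes) -> bool:
    """Server-side check; it uses the stored double hash, never the cleartext."""
    stage1 = xor(token, sha1(nonce + stored))  # SHA1(password), not the password
    return hmac.compare_digest(sha1(stage1), stored)


def demo() -> dict:
    password = "constructed-example-pw"      # constructed sample value
    nonce_a = bytes(range(20))               # constructed 20-byte server nonces
    nonce_b = bytes(range(20, 40))
    stored = stored_hash(password)
    token_a = client_token(password, nonce_a)
    token_b = client_token(password, nonce_b)
    return {
        "token_len": len(token_a),
        "accepted": server_verify(token_a, nonce_a, stored),
        # Same password, different connection: the token on the wire changes.
        "tokens_differ": token_a != token_b,
        # A token captured on one connection fails against another nonce.
        "replay_accepted": server_verify(token_a, nonce_b, stored),
        # The cleartext never appears in what the proxy observes.
        "cleartext_in_token": password.encode() in token_a,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

An LDAP simple bind needs the password itself, which is why the cleartext client plugin or the PAM route mentioned in the answer is required instead of reading the token in the proxy.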
