© 2015 MariaDB Foundation
Passwordless login with unix auth_socket
Otto Kekäläinen
12.10.2015
MySQL User Group NL
Amsterdam
The old way
Password management is a pain
ssh host1.example.com
Password: XXX
$ mysql -u root -p
Password: XYZ
ssh host1.example.com
Password: ZZZ
$ mysql -u root -p
Password: ZYX
What if the sysadmin has 20 hosts to manage?
Automating passwords hurts even more
Example: Ansible scripts for cluster
# Galera replicates users table and nodes need to have the same debian-sys-maint configs
- name: update debian-sys-maint user
  mysql_user:
    name: debian-sys-maint
    password: "{{ galera_debian_sys_maint_password }}"
    priv: "*.*:ALL,GRANT"
    append_privs: yes
    host: localhost
    state: present
# Update same debian-sys-maint configs for all nodes
- name: update debian.cnf
  template:
    src: debian.cnf.j2
    dest: /etc/mysql/debian.cnf
    mode: 0600
    owner: mysql
    group: root
- name: Create xtrabackup user and grant privileges
  mysql_user:
    name: xtrabackup
    password: "{{ galera_xtrabackup_password }}"
    priv: "*.*:RELOAD,LOCK TABLES,REPLICATION CLIENT,SUPER"
    append_privs: yes
    host: localhost
    state: present
- name: update mysql root password for all root accounts
  mysql_user:
    name: root
    host: "{{ item }}"
    priv: "*.*:ALL,GRANT"
    password: "{{ galera_root_password }}"
  with_items:
    - "{{ inventory_hostname }}"
    - 127.0.0.1
    - ::1
    - localhost
  ignore_errors: True
Failing to sync the password configuration makes the node fail completely.
The irony
ssh host1.example.com
Password: XXX
root$ mysql -u root -p
Password: XYZ
Mysqld: wrong password!
root$ service mysql stop
root$ scp -r /var/lib/mysql host2.example.com
root$ rm -rf
root$ echo "Revenge!" | wall
Goal: eliminate the root passwords
Yes, Debian/Ubuntu has two
MariaDB [mysql]> select host,user,plugin from user;
+-----------+------------------+--------+
| host      | user             | plugin |
+-----------+------------------+--------+
| localhost | root             |        |
| htpc      | root             |        |
| 127.0.0.1 | root             |        |
| ::1       | root             |        |
| localhost | debian-sys-maint |        |
+-----------+------------------+--------+
$ cat /etc/mysql/debian.cnf
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = debian-sys-maint
password = z3tm0eLnX6k2fnvb
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = debian-sys-maint
password = z3tm0eLnX6k2fnvb
socket = /var/run/mysqld/mysqld.sock
basedir = /usr
unix_socket to the rescue!
MariaDB [mysql]> install plugin unix_socket SONAME 'auth_socket';
MariaDB [mysql]> grant usage on *.* to 'root'@'localhost' identified via unix_socket;
MariaDB [mysql]> select host,user,plugin from user;
+-----------+------------------+-------------+
| host      | user             | plugin      |
+-----------+------------------+-------------+
| localhost | root             | unix_socket |
| htpc      | root             |             |
| 127.0.0.1 | root             |             |
| ::1       | root             |             |
| localhost | debian-sys-maint |             |
+-----------+------------------+-------------+
unix_socket in action
root$ mysql -u root
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 5.5.44-MariaDB-1ubuntu0.14.04.2 (Ubuntu)
user$ sudo mysql -u root
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 29
Server version: 5.5.44-MariaDB-1ubuntu0.14.04.2 (Ubuntu)
MariaDB [(none)]>
unix_socket in action
root$ mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
root$ mysql -u root -psurelywrongpassword
Welcome to the MariaDB monitor. Commands end with ; or \g.
root$ mysql -u somebodyelse
ERROR 1045 (28000): Access denied for user 'somebodyelse'@'localhost' (using password: NO)
Caveat: logging in as root with password from the local host (using whatever name) will stop working
user$ mysql -u root -p
Enter password:
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
user$ mysql -u root -h 127.0.0.1 -p
Enter password:
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
Great! When will this be by default?
● Now: New installs in Debian unstable
● Soon: New installs in Ubuntu 15.10
● Some day: official in all MariaDB releases
..but only new installs. We don't want to mess up password usage in normal version upgrades.
Credits and contributions
Development done
● by me (mariadb.org) and Daniel Black (openquery.com.au)
● in Debian (http://git.debian.org/?p=pkg-mysql/mariadb-10.0.git)
Contributions are welcome!
Thanks!
mariadb.org
@ottokekalainen
otto@mariadb.org

Kawika Technologies pvt ltd Software Development Company in TrivandrumKawika Technologies pvt ltd Software Development Company in Trivandrum
Kawika Technologies pvt ltd Software Development Company in Trivandrum
 
Introduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptxIntroduction-to-Software-Development-Outsourcing.pptx
Introduction-to-Software-Development-Outsourcing.pptx
 
How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?How Does the Epitome of Spyware Differ from Other Malicious Software?
How Does the Epitome of Spyware Differ from Other Malicious Software?
 
Webinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.pptWebinar_050417_LeClair12345666777889.ppt
Webinar_050417_LeClair12345666777889.ppt
 
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales CoverageSales Territory Management: A Definitive Guide to Expand Sales Coverage
Sales Territory Management: A Definitive Guide to Expand Sales Coverage
 
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software TeamsYour Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
Your Vision, Our Expertise: TECUNIQUE's Tailored Software Teams
 
Growing Oxen: channel operators and retries
Growing Oxen: channel operators and retriesGrowing Oxen: channel operators and retries
Growing Oxen: channel operators and retries
 
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdfARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
ARM Talk @ Rejekts - Will ARM be the new Mainstream in our Data Centers_.pdf
 

Passwordless login with unix auth_socket

  • 1. Passwordless login with unix auth_socket
       Otto Kekäläinen, 12.10.2015
       MySQL User Group NL, Amsterdam
       © 2015 MariaDB Foundation
  • 3. Password management is a pain

       ssh host1.example.com
       Password: XXX
       $ mysql -u root -p
       Password: XYZ

       ssh host1.example.com
       Password: ZZZ
       $ mysql -u root -p
       Password: ZYX

       What if the sysadmin has 20 hosts to manage?
  • 4. Automating passwords hurts even more
       Example: Ansible scripts for cluster

       # Galera replicates users table and nodes need to have the same debian-sys-maint configs
       - name: update debian-sys-maint user
         mysql_user:
           name: debian-sys-maint
           password: "{{ galera_debian_sys_maint_password }}"
           priv: "*.*:ALL,GRANT"
           append_privs: yes
           host: localhost
           state: present

       # Update same debian-sys-maint configs for all nodes
       - name: update debian.cnf
         template:
           src: debian.cnf.j2
           dest: /etc/mysql/debian.cnf
           mode: 0600
           owner: mysql
           group: root

       - name: Create xtrabackup user and grant priviledges
         mysql_user:
           name: xtrabackup
           password: "{{ galera_xtrabackup_password }}"
           priv: "*.*:RELOAD,LOCK TABLES,REPLICATION CLIENT,SUPER"
           append_privs: yes
           host: localhost
           state: present

       - name: update mysql root password for all root accounts
         mysql_user:
           name: root
           host: "{{ item }}"
           priv: "*.*:ALL,GRANT"
           password: "{{ galera_root_password }}"
         with_items:
           - "{{ inventory_hostname }}"
           - 127.0.0.1
           - ::1
           - localhost
         ignore_errors: True

       Failing to sync the password configuration makes the node fail completely.
  • 5. The irony

       ssh host1.example.com
       Password: XXX
       root$ mysql -u root -p
       Password: XYZ
       Mysqld: wrong password!
       root$ service mysql stop
       root$ scp -r /var/lib/mysql host2.example.com
       root$ rm -rf
       root$ echo "Revenge!" | wall
  • 6. Goal: eliminate the root passwords
       Yes, Debian/Ubuntu has two

       MariaDB [mysql]> select host,user,plugin from user;
       +-----------+------------------+--------+
       | host      | user             | plugin |
       +-----------+------------------+--------+
       | localhost | root             |        |
       | htpc      | root             |        |
       | 127.0.0.1 | root             |        |
       | ::1       | root             |        |
       | localhost | debian-sys-maint |        |
       +-----------+------------------+--------+

       $ cat /etc/mysql/debian.cnf
       # Automatically generated for Debian scripts. DO NOT TOUCH!
       [client]
       host     = localhost
       user     = debian-sys-maint
       password = z3tm0eLnX6k2fnvb
       socket   = /var/run/mysqld/mysqld.sock
       [mysql_upgrade]
       host     = localhost
       user     = debian-sys-maint
       password = z3tm0eLnX6k2fnvb
       socket   = /var/run/mysqld/mysqld.sock
       basedir  = /usr
  • 7. unix_socket to the rescue!

       MariaDB [mysql]> install plugin unix_socket SONAME 'auth_socket';
       MariaDB [mysql]> grant usage on *.* to 'root'@'localhost' identified via unix_socket;
       MariaDB [mysql]> select host,user,plugin from user;
       +-----------+------------------+-------------+
       | host      | user             | plugin      |
       +-----------+------------------+-------------+
       | localhost | root             | unix_socket |
       | htpc      | root             |             |
       | 127.0.0.1 | root             |             |
       | ::1       | root             |             |
       | localhost | debian-sys-maint |             |
       +-----------+------------------+-------------+
  • 8. unix_socket in action

       root$ mysql -u root
       Welcome to the MariaDB monitor. Commands end with ; or \g.
       Your MariaDB connection id is 38
       Server version: 5.5.44-MariaDB-1ubuntu0.14.04.2 (Ubuntu)

       user$ sudo mysql -u root
       Welcome to the MariaDB monitor. Commands end with ; or \g.
       Your MariaDB connection id is 29
       Server version: 5.5.44-MariaDB-1ubuntu0.14.04.2 (Ubuntu)
       MariaDB [(none)]>
  • 9. unix_socket in action

       root$ mysql
       Welcome to the MariaDB monitor. Commands end with ; or \g.

       root$ mysql -u root -psurelywrongpassword
       Welcome to the MariaDB monitor. Commands end with ; or \g.

       root$ mysql -u somebodyelse
       ERROR 1045 (28000): Access denied for user 'somebodyelse'@'localhost' (using password: NO)
  • 10. Caveat: logging in as root with password from the local host (using whatever name) will stop working

        user$ mysql -u root -p
        Enter password:
        ERROR 1698 (28000): Access denied for user 'root'@'localhost'

        user$ mysql -u root -h 127.0.0.1 -p
        Enter password:
        ERROR 1698 (28000): Access denied for user 'root'@'localhost'
  • 11. Great! When will this be by default?
        ● Now: New installs in Debian unstable
        ● Soon: New installs in Ubuntu 15.10
        ● Some day: official in all MariaDB releases
        ...but only new installs. We don't want to mess up password usage in normal version upgrades.
  • 12. Credits and contributions
        Development done
        ● by me (mariadb.org) and Daniel Black (openquery.com.au)
        ● in Debian (http://git.debian.org/?p=pkg-mysql/mariadb-10.0.git)
        Contributions are welcome!
  • 13. Thanks!
        mariadb.org
        @ottokekalainen
        otto@mariadb.org
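
The behaviour in slides 8 to 10, as an added Python sketch (not MariaDB's plugin code, which is written in C): on Linux the unix_socket plugin asks the kernel which uid owns the process at the other end of the Unix socket (SO_PEERCRED) and compares that account's name with the requested database user, so a supplied password is never consulted. The function names, the socketpair standing in for mysqld.sock and the sample inputs are constructed for illustration.

```python
import pwd
import socket
import struct

NO_CRED = 0xFFFFFFFF  # uid (-1) Linux reports when a socket carries no peer credentials


def peer_uid(sock):
    """Return the uid the kernel recorded for the peer process, or None."""
    try:
        raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                              struct.calcsize("iII"))
        _pid, uid, _gid = struct.unpack("iII", raw)  # struct ucred: pid, uid, gid
    except (OSError, struct.error):
        return None
    return None if uid == NO_CRED else uid


def unix_socket_login(sock, requested_user, password=None):
    """Model of the check: allow only if the peer's OS account name equals
    the requested database user. `password` is accepted but never read."""
    uid = peer_uid(sock)
    if uid is None:
        return False        # TCP or other socket: the kernel cannot vouch for the peer
    try:
        os_name = pwd.getpwuid(uid).pw_name
    except KeyError:
        return False        # uid has no passwd entry, so no name to match
    return os_name == requested_user


def demo():
    """Constructed demo: a local socketpair stands in for mysqld.sock."""
    server_side, _client_side = socket.socketpair()      # AF_UNIX on Linux
    me = pwd.getpwuid(peer_uid(server_side)).pw_name
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    return {
        "own name, no password": unix_socket_login(server_side, me),
        "own name, wrong password": unix_socket_login(server_side, me, "surelywrongpassword"),
        "somebodyelse": unix_socket_login(server_side, "somebodyelse"),
        "own name over TCP socket": unix_socket_login(tcp, me),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:26} -> {'allowed' if allowed else 'denied'}")
```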