228
|
|
|
Martin Arrieta |
|
9 years ago
|
|
|
227
|
|
|
Martin Arrieta |
|
9 years ago
|
|
|
226
|
|
|
Martin Arrieta |
|
9 years ago
|
|
|
225
|
|
|
Martin Arrieta |
|
9 years ago
|
|
|
224
|
|
|
Martin Arrieta |
|
9 years ago
|
|
|
223
|
|
|
Alfranio Correia |
release-1.4.2 |
10 years ago
|
|
|
222
|
|
|
Alfranio Correia |
|
10 years ago
|
|
|
221
|
|
|
Johannes Schlüter |
|
10 years ago
|
|
|
220
|
|
|
Mats Kindahl |
|
10 years ago
|
|
|
219
|
|
|
Mats Kindahl |
|
10 years ago
|
|
|
218
|
|
|
Geert Vanderkelen |
|
10 years ago
|
|
|
217
|
|
|
Alfranio Correia |
|
10 years ago
|
|
|
216
|
|
WL#7455: Credentials for Fabric
Before, MySQL Fabric did not have any authentication mechanism. We have added credentials with a role-based system. Users executing commands will need to provide a username and password together with a realm.
Setup ----- The setup command will create new tables managing the users, roles and permissions. It will also prompt for a password to be set for the default user 'admin'. The default realm for XMLRPC will be 'MySQL Fabric' when it was not specified in the configuration file.
User Management --------------- Most commands executed using mysqlfabric script will prompt for a username and password. This can be set in the configuration file under section [protocol.xmlrpc] to prevent continuously asking credentials. Commands like start and setup do not require authentication.
Users can be managed through the commands found in the 'user' group, see `mysqlfabric help user`: user add <username> [<option> ...] user delete <username> [<option> ...] user password <username> [<option> ...] user roles <username> [<option> ...]
Any command that needs it, will prompt at least for a password. See `mysqlfabric help user <command>`.
It is also possible to show the currently available roles and permissions, but no other management can be currently done. See `mysqlfabric help role`.
Note that user management is local and is currently not done through protocols such as XMLRPC.
Authentication -------------- Authentication can be disabled through the configuration file by setting 'disable_authentication' to 'yes' in the [protocol.xmlrpc] section. This can be useful for testing, but by default authentication is enabled.
Client authenticate through XMLRPC using HTTP/1.1 Digest Authentication. We implemented RFC 2617 with hashing function MD5. Other mechanisms can be added later but MD5 is probably easiest to implement by client libraries.
Connectors will best connect with a user which has restricted permissions. A role named 'connector' has been created for this and gives, by default, access to the 'dump' and 'threat' commands.
SSL Support ----------- The configuration section [protocol.xmlrpc] has 3 new options named ssl_ca, ssl_key and ssl_cert. They are used to enable SSL. When they are commented out or removed, SSL is not set up. SSLv3 is currently used.
|
Geert Vanderkelen |
|
10 years ago
|
|
|
215
|
|
|
Narayanan Venkateswa... |
|
10 years ago
|
|
|
214
|
|
|
Alfranio Correia |
|
10 years ago
|
|
|
213
|
|
|
Alfranio Correia |
|
10 years ago
|
|
|
212
|
|
|
Alfranio Correia |
|
10 years ago
|
|
|
211
|
|
|
Alfranio Correia |
|
10 years ago
|
|
|
210
|
|
|
Narayanan Venkateswa... |
|
10 years ago
|
|
|
209
|
|
|
Alfranio Correia |
|
10 years ago
|
|
|