Viewing all changes in revision 216.
- Committer: Geert Vanderkelen
- Date: 2014-03-04 13:35:49 UTC
- Revision ID: geert.vanderkelen@oracle.com-20140304133549-62rdnov4diy9efeo
WL#7455: Credentials for Fabric
Before, MySQL Fabric did not have any authentication
mechanism. We have added credentials with a role-based
system. Users executing commands will need to provide
a username and password together with a realm.
Setup
-----
The setup command will create new tables managing the
users, roles and permissions. It will also prompt for
a password to be set for the default user 'admin'. The
default realm for XMLRPC will be 'MySQL Fabric' when
it was not specified in the configuration file.
User Management
---------------
Most commands executed using mysqlfabric script will
prompt for a username and password. This can be set in
the configuration file under section [protocol.xmlrpc]
to prevent continuously asking credentials.
Commands like start and setup do not require
authentication.
Users can be managed through the commands found in the
'user' group, see `mysqlfabric help user`:
user add <username> [<option> ...]
user delete <username> [<option> ...]
user password <username> [<option> ...]
user roles <username> [<option> ...]
Any command that needs it, will prompt at least for a
password. See `mysqlfabric help user <command>`.
It is also possible to show the currently available
roles and permissions, but no other management can
be currently done. See `mysqlfabric help role`.
Note that user management is local and is currently
not done through protocols such as XMLRPC.
Authentication
--------------
Authentication can be disabled through the configuration
file by setting 'disable_authentication' to 'yes' in
the [protocol.xmlrpc] section. This can be useful for
testing, but by default authentication is enabled.
Client authenticate through XMLRPC using HTTP/1.1
Digest Authentication. We implemented RFC 2617 with
hashing function MD5. Other mechanisms can be added
later but MD5 is probably easiest to implement by
client libraries.
Connectors will best connect with a user which has
restricted permissions. A role named 'connector' has
been created for this and gives, by default, access
to the 'dump' and 'threat' commands.
SSL Support
-----------
The configuration section [protocol.xmlrpc] has 3 new
options named ssl_ca, ssl_key and ssl_cert. They are
used to enable SSL. When they are commented out or
removed, SSL is not set up. SSLv3 is currently used.
Before, MySQL Fabric did not have any authentication
mechanism. We have added credentials with a role-based
system. Users executing commands will need to provide
a username and password together with a realm.
Setup
-----
The setup command will create new tables managing the
users, roles and permissions. It will also prompt for
a password to be set for the default user 'admin'. The
default realm for XMLRPC will be 'MySQL Fabric' when
it was not specified in the configuration file.
User Management
---------------
Most commands executed using mysqlfabric script will
prompt for a username and password. This can be set in
the configuration file under section [protocol.xmlrpc]
to prevent continuously asking credentials.
Commands like start and setup do not require
authentication.
Users can be managed through the commands found in the
'user' group, see `mysqlfabric help user`:
user add <username> [<option> ...]
user delete <username> [<option> ...]
user password <username> [<option> ...]
user roles <username> [<option> ...]
Any command that needs it, will prompt at least for a
password. See `mysqlfabric help user <command>`.
It is also possible to show the currently available
roles and permissions, but no other management can
be currently done. See `mysqlfabric help role`.
Note that user management is local and is currently
not done through protocols such as XMLRPC.
Authentication
--------------
Authentication can be disabled through the configuration
file by setting 'disable_authentication' to 'yes' in
the [protocol.xmlrpc] section. This can be useful for
testing, but by default authentication is enabled.
Client authenticate through XMLRPC using HTTP/1.1
Digest Authentication. We implemented RFC 2617 with
hashing function MD5. Other mechanisms can be added
later but MD5 is probably easiest to implement by
client libraries.
Connectors will best connect with a user which has
restricted permissions. A role named 'connector' has
been created for this and gives, by default, access
to the 'dump' and 'threat' commands.
SSL Support
-----------
The configuration section [protocol.xmlrpc] has 3 new
options named ssl_ca, ssl_key and ssl_cert. They are
used to enable SSL. When they are commented out or
removed, SSL is not set up. SSLv3 is currently used.
- files added:
- lib/mysql/fabric/credentials.py
- files modified:
- data/fabric.cfg.in
expand all
collapse all
added
removed
