40
40
\fBmysql_config_editor\fR
41
utility (available as of MySQL 5\&.6\&.6) enables you to store authentication credentials in an encrypted login file named
41
utility (available as of MySQL 5\&.6\&.6) enables you to store authentication credentials in an encrypted login path file named
42
42
\&.mylogin\&.cnf\&. The file location is the
44
44
directory on Windows and the current user\*(Aqs home directory on non\-Windows systems\&. The file can be read later by MySQL client programs to obtain authentication credentials for connecting to MySQL Server\&.
46
To specify an alternate file name, set the
46
The unencrypted format of the
48
login path file consists of option groups, similar to other option files\&. Each option group in
52
which is a group that permits only certain options:
58
\fBsocket\fR\&. Think of a login path option group as a set of values that indicate the server host and the options for connecting to the MySQL server there\&. Here is an unencrypted example:
66
password = mydefaultpass
67
host = 127\&.0\&.0\&.1
70
password = myotherpass
77
When you invoke a client program to connect to the server, the client uses
79
in conjunction with other option files\&. Its precedence is higher than other option files, but less than options specified explicitly on the client command line\&. For information about the order in which option files are used, see
80
Section\ \&4.2.6, \(lqUsing Option Files\(rq\&.
81
.\" MYSQL_TEST_LOGIN_FILE environment variable
82
.\" environment variable: MYSQL_TEST_LOGIN_FILE
84
To specify an alternate login path file name, set the
47
85
MYSQL_TEST_LOGIN_FILE
48
environment variable\&. This variable is used by the
86
environment variable\&. This variable is recognized by
87
\fBmysql_config_editor\fR, by standard MySQL clients (\fBmysql\fR,
88
\fBmysqladmin\fR, and so forth), and by the
49
89
\fBmysql\-test\-run\&.pl\fR
50
testing utility, but also is recognized by
52
and by MySQL clients such as
54
\fBmysqladmin\fR, and so forth\&.
92
Programs use groups in the login path file as follows:
102
\fBmysql_config_editor\fR
105
login path by default if you specify no
106
\fB\-\-login\-path=\fR\fB\fIname\fR\fR
107
option to indicate explicitly which login path to use\&.
119
\fB\-\-login\-path\fR
120
option, client programs read the same option groups from the login path file that they read from other option files\&. Consider this command:
138
groups from other option files, so it reads them from the login path file as well\&.
150
\fB\-\-login\-path\fR
151
option, client programs additionally read the named login path from the login path ile\&. The option groups read from other option files remain the same\&. Consider this command:
157
shell> \fBmysql \-\-login\-path=mypath\fR
169
from other option files, and
173
from the login path file\&.
184
Client programs read the login path file even when the
185
\fB\-\-no\-defaults\fR
186
option is used\&. This permits passwords to be specified in a safer way than on the command line even if
187
\fB\-\-no\-defaults\fR
56
191
\fBmysql_config_editor\fR
59
file so it cannot be read as clear text, and its contents when decrypted by client programs are used only in memory\&. In this way, passwords can be stored in a file in non\-cleartext format and used later without ever needing to be exposed on the command line or in an environment variable\&.
194
file so it cannot be read as cleartext, and its contents when decrypted by client programs are used only in memory\&. In this way, passwords can be stored in a file in non\-cleartext format and used later without ever needing to be exposed on the command line or in an environment variable\&.
60
195
\fBmysql_config_editor\fR
63
command that enables the user to display the file contents, but even in this case, password values are masked so as never to appear in a way that other users can see them\&.
198
command for displaying the login path file contents, but even in this case, password values are masked so as never to appear in a way that other users can see them\&.
65
200
The encryption used by
66
201
\fBmysql_config_editor\fR
67
202
prevents passwords from appearing in
69
as clear text and provides a measure of security by preventing inadvertent password exposure\&. For example, if you display a regular unencrypted
204
as cleartext and provides a measure of security by preventing inadvertent password exposure\&. For example, if you display a regular unencrypted
71
206
option file on the screen, any passwords it contains are visible for anyone to see\&. With
72
207
\&.mylogin\&.cnf, that is not true\&. But the encryption used will not deter a determined attacker and you should not consider it unbreakable\&. A user who can gain system administration privileges on your machine to access your files could decrypt the
74
209
file with some effort\&.
76
The login file must be readable and writable to the current user, and inaccessible to other users\&. Otherwise,
211
The login path file must be readable and writable to the current user, and inaccessible to other users\&. Otherwise,
77
212
\fBmysql_config_editor\fR
78
ignores it, and the file is not used by client programs, either\&. On Windows, this constraint does not apply; instead, the user must have access to the
213
ignores it, and client programs do not use it, either\&. On Windows, this constraint does not apply; instead, the user must have access to the
82
The unencrypted format of the
84
login file consists of option groups, similar to other option files\&. Each option group in
88
which is a group that permits only a limited set of options:
91
\fBpassword\fR\&. Think of a login path as a set of values that indicate the server host and the credentials for authenticating with the server\&. Here is an example:
100
host = 127\&.0\&.0\&.1
106
When you invoke a client program to connect to the server,
108
is used in conjunction with other option files\&. Its precedence is higher than other option files, but less than options specified explicitly on the client command line\&. For information about the order in which option files are used, see
109
Section\ \&4.2.6, \(lqUsing Option Files\(rq\&.
218
\fBmysql_config_editor\fR
231
If the login path file does not exist,
232
\fBmysql_config_editor\fR
235
Command arguments are given as follows:
125
245
\fIprogram_options\fR
126
246
consists of general
127
247
\fBmysql_config_editor\fR
130
indicates what command to perform, and
131
\fIcommand_options\fR
132
indicates any additional options needed by the command\&.
134
The command indicates what action to perform on the
260
indicates what action to perform on the
136
login file\&. For example,
262
login path file\&. For example,
138
264
writes a login path to the file,
140
266
removes a login path, and
142
displays login path contents\&. Any options given provide information to the command, such as the login path name and the values to use in the login path\&.
268
displays login path contents\&.
279
\fIcommand_options\fR
280
indicates any additional options specific to the command, such as the login path name and the values to use in the login path\&.
144
283
The position of the command name within the set of program arguments is significant\&. For example, these command lines have the same arguments, but produce different results:
150
mysql_config_editor \-\-help set
151
mysql_config_editor set \-\-help
289
shell> \fBmysql_config_editor \-\-help set\fR
290
shell> \fBmysql_config_editor set \-\-help\fR
157
The first command line displays general
296
The first command line displays a general
158
297
\fBmysql_config_editor\fR
159
help, and ignores the
298
help message, and ignores the
161
command\&. The second command line displays help for the
300
command\&. The second command line displays a help message specific to the
165
Suppose that you want to establish two login paths named
304
Suppose that you want to establish a
306
login path that defines your default connection parameters, and an additional login path named
169
for connecting to the local MySQL server and a server on the host
170
remote\&.example\&.com\&. You want to authenticate to the local server with a user name and password of
308
for connecting to the MySQL server the host
309
remote\&.example\&.com\&. You want to log in as follows:
319
By default, to the local server with a user name and password of
173
localpass, and to the remote server with a user name and password of
333
To the remote server with a user name and password of
176
remotepass\&. To set up the login paths in the
339
To set up the login paths in the
178
341
file, use the following
180
commands\&. Enter each command on a single line, then enter the appropriate password when prompted\&.
343
commands\&. Enter each command on a single line, and enter the appropriate passwords when prompted:
186
shell> \fBmysql_config_editor set \-\-login\-path=local
349
shell> \fBmysql_config_editor set \-\-login\-path=client
187
350
\-\-host=localhost \-\-user=localuser \-\-password\fR
188
351
Enter password: \fIenter password "localpass" here\fR
189
352
shell> \fBmysql_config_editor set \-\-login\-path=remote
225
command displays each login path as a set of lines beginning with a group header indicating the login path name in square brackets, followed by the option values for the login path\&. Password values are masked and do not appear as clear text\&.
227
As shown by the preceding examples, the
229
file can contain multiple login paths\&. In this way,
395
command displays each login path as a set of lines beginning with a group header indicating the login path name in square brackets, followed by the option values for the login path\&. Password values are masked and do not appear as cleartext\&.
397
If you do not specify
399
to display all login paths or
400
\fB\-\-login\-path=\fR\fB\fIname\fR\fR
401
to display a named login path, the
405
login path by default, if there is one\&.
407
As shown by the preceding example, the login path file can contain multiple login paths\&. In this way,
230
408
\fBmysql_config_editor\fR
231
409
makes it easy to set up multiple
232
410
\(lqpersonalities\(rq
233
for connecting to different MySQL servers\&. Any of these can be selected by name later using the
411
for connecting to different MySQL servers, or for connecting to a given server using different accounts\&. Any of these can be selected by name later using the
234
412
\fB\-\-login\-path\fR
235
option when you invoke a client program\&. For example, to connect to the local server, use this command:
241
shell> \fBmysql \-\-login\-path=local\fR
247
To connect to the remote server, use this command:
413
option when you invoke a client program\&. For example, to connect to the remote server, use this command:
431
option groups from other option files, and the
435
groups from the login path file\&.
437
To connect to the local server, use this command:
443
shell> \fBmysql \-\-login\-path=client\fR
455
login paths by default, the
456
\fB\-\-login\-path\fR
457
option does not add anything in this case\&. That command is equivalent to this one:
469
Options read from the login path file take precedence over options read from other option files\&. Options read from login path groups appearing later in the login path file take precedence over options read from groups appearing earlier in the file\&.
471
\fBmysql_config_editor\fR
472
adds login paths to the login path file in the order you create them, so you should create more general login paths first and more specific paths later\&. If you need to move a login path within the file, you can remove it, then recreate it to add it to the end\&.
262
477
\fBmysql_config_editor\fR
263
to create a login path, you need not specify all three possible option values (host name, user name, and password)\&. Only those values given are written to the path\&. Any missing values required later can be specified when you invoke a client path to connect to the MySQL server, either in other option files or on the command line\&. Also, any options specified on the command line override those in option files, including the
265
file\&. For example, if the credentials in the
478
to create a login path, you need not specify all possible option values (host name, user name, password, port, socket)\&. Only those values given are written to the path\&. Any missing values required later can be specified when you invoke a client path to connect to the MySQL server, either in other option files or on the command line\&. Any options specified on the command line override those specified in the login path file or other option files\&. For example, if the credentials in the
267
480
login path also apply for the host
268
remote2\&.example\&.com, you can connect to the server on that host like this:
481
remote2\&.example\&.com, connect to the server on that host like this:
282
file, if it exists, is read in all cases, even when the
283
\fB\-\-no\-defaults\fR
284
option is used\&. This permits passwords to be specified in a safer way than on the command line even if
285
\fB\-\-no\-defaults\fR
287
mysql_config_editor Commands.PP
493
mysql_config_editor General Options.PP
494
\fBmysql_config_editor\fR
495
supports the following general options, which may be used preceding any command named on the command line\&. For descriptions of command\-specific options, see
496
mysql_config_editor Commands and Command-Specific Options\&.
506
.\" mysql_config_editor: help option
507
.\" help option: mysql_config_editor
511
Display a general help message and exit\&.
513
To see a command\-specific help message, invoke
514
\fBmysql_config_editor\fR
517
is a command other than
524
shell> \fBmysql_config_editor \fR\fB\fIcommand\fR\fR\fB \-\-help\fR
539
.\" mysql_config_editor: debug option
540
.\" debug option: mysql_config_editor
541
\fB\-\-debug[=\fR\fB\fIdebug_options\fR\fR\fB]\fR,
542
\fB\-# \fR\fB\fIdebug_options\fR\fR
544
Write a debugging log\&. A typical
547
d:t:o,\fIfile_name\fR\&. The default is
548
d:t:o,/tmp/mysql_config_editor\&.trace\&.
559
.\" mysql_config_editor: verbose option
560
.\" verbose option: mysql_config_editor
564
Verbose mode\&. Print more information about what the program does\&. This option may be helpful in diagnosing problems if an operation does not have the effect you expect\&.
575
.\" mysql_config_editor: version option
576
.\" version option: mysql_config_editor
580
Display version information and exit\&.
582
mysql_config_editor Commands and Command\-Specific Options.PP
288
583
This section describes the permitted
289
584
\fBmysql_config_editor\fR
290
commands, and the interpretation of options that have a command\-specific meaning\&. In addition,
291
\fBmysql_config_editor\fR
292
takes other options that can be used with any command, such as
294
to produce more information as
295
\fBmysql_config_editor\fR
296
executes\&. This option may be helpful in diagnosing problems if an operation does not have the effect you expect\&. For a list of supported options, see
297
\fBmysql_config_editor\fR Options\&.
585
commands, and, for each one, the command\-specific options permitted following the command name on the command line\&.
588
\fBmysql_config_editor\fR
589
supports general options that can be used preceding any command\&. For descriptions of these options, see
590
mysql_config_editor General Options\&.
299
592
\fBmysql_config_editor\fR
300
593
supports these commands:
323
633
print [\fIoptions\fR]
325
Print the contents of
327
in unencrypted form\&. Passwords are displayed as
635
Print the contents of the login path file in unencrypted form, with the exception that passwords are displayed as
332
command takes these options:
344
Print all login paths\&.
355
\fB\-\-login\-path=\fR\fB\fIname\fR\fR
357
Print the named login path\&.
360
If no login path is specified, the default path name is
638
The default login path name is
640
if no login path is named\&. If both
364
643
\fB\-\-login\-path\fR
367
646
takes precedence\&.
650
command permits these options following the command name:
663
Display a help message for the
667
To see a general help message, use
668
\fBmysql_config_editor \-\-help\fR\&.
681
Print the contents of all login paths in the login path file\&.
692
\fB\-\-login\-path=\fR\fB\fIname\fR\fR,
693
\fB\-G \fR\fB\fIname\fR\fR
695
Print the contents of the named login path\&.
378
707
remove [\fIoptions\fR]
380
Remove a login path from the
386
command takes these options:
398
Remove the host name from the login path\&.
409
\fB\-\-login\-path=\fR\fB\fIname\fR\fR
411
The login path to remove\&. If this option is not given, the default path name is
425
Remove the password from the login path\&.
438
Remove the TCP/IP port number from the login path\&.
451
Remove the Unix socket file name from the login path\&.
464
Remove the user name from the login path\&.
471
options are supported for the
473
command as of MySQL 5\&.6\&.9\&. The
477
options are supported for the
479
command as of MySQL 5\&.6\&.11
483
command removes from the login path only such values as are specified with the
709
Remove a login path from the login path file, or modify a login path by removing options from it\&.
711
This command removes from the login path only such options as are specified with the
485
713
\fB\-\-password\fR,
487
715
\fB\-\-socket\fR, and
489
options\&. If none of them is given,
717
options\&. If none of those options are given,
491
719
removes the entire login path\&. For example, this command removes only the
495
723
login path rather than the entire
731
shell> \fBmysql_config_editor remove \-\-login\-path=mypath \-\-user\fR
737
This command removes the entire
745
shell> \fBmysql_config_editor remove \-\-login\-path=mypath\fR
753
command permits these options following the command name:
766
Display a help message for the
770
To see a general help message, use
771
\fBmysql_config_editor \-\-help\fR\&.
785
Remove the host name from the login path\&. This option was added in MySQL 5\&.6\&.9\&.
796
\fB\-\-login\-path=\fR\fB\fIname\fR\fR,
797
\fB\-G \fR\fB\fIname\fR\fR
799
The login path to remove or modify\&. The default login path name is
503
mysql_config_editor remove \-\-login\-path=client \-\-user
520
Empty the contents of the
522
file\&. The file is created if it does not exist\&.
801
if this option is not given\&.
815
Remove the password from the login path\&. This option was added in MySQL 5\&.6\&.9\&.
829
Remove the TCP/IP port number from the login path\&. This option was added in MySQL 5\&.6\&.11\&.
843
Remove the Unix socket file name from the login path\&. This option was added in MySQL 5\&.6\&.11\&.
857
Remove the user name from the login path\&. This option was added in MySQL 5\&.6\&.9\&.
871
Warn and prompt the user for confirmation if the command attempts to remove the default login path (client) and
872
\fB\-\-login\-path=client\fR
873
was not specified\&. This option is enabled by default; use
887
reset [\fIoptions\fR]
889
Empty the contents of the login path file\&.
893
command permits these options following the command name:
906
Display a help message for the
910
To see a general help message, use
911
\fBmysql_config_editor \-\-help\fR\&.
533
923
set [\fIoptions\fR]
535
Write a login path to the
541
command takes these options:
551
\fB\-\-host=\fR\fB\fIhost_name\fR\fR
553
The host name to write to the login path\&.
564
\fB\-\-login\-path=\fR\fB\fIname\fR\fR
566
The login path to create\&. If this option is not given, the default path name is
580
Prompt for a password to write to the login path\&.
591
\fB\-\-port=\fR\fB\fIport_num\fR\fR
593
The TCP/IP port number to write to the login path\&.
604
\fB\-\-socket=\fR\fB\fIfile_name\fR\fR
606
The Unix socket file to write to the login path\&.
617
\fB\-\-user=\fR\fB\fIuser_name\fR\fR
619
The user name to write to the login path\&.
626
options are supported for the
628
command as of MySQL 5\&.6\&.11
632
command writes to the login path only such values as are specified with the
925
Write a login path to the login path file\&.
927
This command writes to the login path only such options as are specified with the
634
929
\fB\-\-password\fR,
681
.\" mysql_config_editor: help option
682
.\" help option: mysql_config_editor
686
Display a help message and exit\&. If preceded by a command name such as
952
Display a help message for the
689
remove, displays information about that command\&.
700
.\" mysql_config_editor: all option
701
.\" all option: mysql_config_editor
706
command, print all login paths in the login file\&.
717
.\" mysql_config_editor: debug option
718
.\" debug option: mysql_config_editor
719
\fB\-\-debug[=\fR\fB\fIdebug_options\fR\fR\fB]\fR,
720
\fB\-# \fR\fB\fIdebug_options\fR\fR
722
Write a debugging log\&. A typical
725
d:t:o,\fIfile_name\fR\&. The default is
737
.\" mysql_config_editor: host option
738
.\" host option: mysql_config_editor
956
To see a general help message, use
957
\fBmysql_config_editor \-\-help\fR\&.
739
968
\fB\-\-host=\fR\fB\fIhost_name\fR\fR,
740
969
\fB\-h \fR\fB\fIhost_name\fR\fR
744
command, the host name to write to the login path\&. For the
746
command, removes the host name from the login path\&.
971
The host name to write to the login path\&.
787
.\" mysql_config_editor: password option
788
.\" password option: mysql_config_editor
789
998
\fB\-\-password\fR,
795
\fBmysql_config_editor\fR
796
to prompt for a password and write the value entered by the user to the login path\&. After
797
\fBmysql_config_editor\fR
798
starts and displays the prompt, the user should type the password and press Enter\&. To prevent other users from seeing the password,
1001
Prompt for a password to write to the login path\&. After
1002
\fBmysql_config_editor\fR
1003
displays the prompt, type the password and press Enter\&. To prevent other users from seeing the password,
799
1004
\fBmysql_config_editor\fR
800
1005
does not echo it\&.
802
This option does not permit a password value following the option name\&. That is, with
803
\fBmysql_config_editor\fR, you never enter a password on the command line where it might be seen by other users\&. This differs from most other MySQL programs, which permit the password to be given on the command line as
804
\fB\-\-password=\fR\fB\fIpass_val\fR\fR
806
\fB\-p\fR\fB\fIpass_val\fR\fR\&. (That practice is insecure and should be avoided, however\&.)
1007
To specify an empty password, press Enter at the password prompt\&. The resulting login path written to the login path file will include a line like this:
810
command, removes the password from the login path\&.
861
.\" mysql_config_editor: user option
862
.\" user option: mysql_config_editor
863
1056
\fB\-\-user=\fR\fB\fIuser_name\fR\fR,
864
1057
\fB\-u \fR\fB\fIuser_name\fR\fR
868
command, the user name to write to the login path\&. For the
870
command, removes the user name from the login path\&.
881
.\" mysql_config_editor: verbose option
882
.\" verbose option: mysql_config_editor
886
Verbose mode\&. Print more information about what the program does\&.
897
.\" mysql_config_editor: version option
898
.\" version option: mysql_config_editor
902
Display version information and exit\&.
913
.\" mysql_config_editor: warn option
914
.\" warn option: mysql_config_editor
1059
The user name to write to the login path\&.
1064
\h'-04'\(bu\h'+03'\c
920
command, warn and prompt the user for confirmation if the command attempts to overwrite an existing login path\&. This option is enabled by default; use
1073
Warn and prompt the user for confirmation if the command attempts to overwrite an existing login path\&. This option is enabled by default; use
921
1074
\fB\-\-skip\-warn\fR
922
1075
to disable it\&.