SASL support in MySQL (Vintela's patch)
M.Kondrin
mkondrin at hppi.troitsk.ru
Sat Jan 28 05:31:30 EST 2006
M.Kondrin wrote:
> Hello!
> The tarball with the updated patch and small README is available at
> ftp://194.67.79.2/MySQL-SASL-patch.tgz . I've slightly tested it in
> GSSAPI and PLAIN modes (in PLAIN mode passwords were checked in
> Kerberos). Suggestions and bugreports welcome!
> M.Kondrin
>
I have been asked what this patch is for. This is a replacement for
standard authentication procedure of MySQL when passwords supplied by
users are checked against mysql.user table. The patch gives an option to
authenticate user by means of SASL. For PLAIN mechanism there is not
much difference but in GSSAPI mode for example it becomes possible to
embed MySQL into single sign-on system when the user authenticates in
MySQL by providing his TGT acquired during system logon. May be OTP
mechanism can be of some value here too. If mechanism allows security
level than it would be possible to have an encryption as a side-effect
but this is not implemented yet.
I was looking for an GSSAPI support for MySQL when I tripped over
vintela's patch. Extending this patch proved to be easier than
implementing GSSAPI from scratch.
There is some more info on vintela's page and in the little README
packed into the tarball.
M.Kondrin
More information about the Cyrus-sasl
mailing list