SASL support in MySQL (Vintela's patch)

M.Kondrin mkondrin at hppi.troitsk.ru
Sat Jan 28 05:31:30 EST 2006


M.Kondrin wrote:
> Hello!
> The tarball with the updated patch and small README is available at
> ftp://194.67.79.2/MySQL-SASL-patch.tgz . I've slightly tested it in
> GSSAPI and PLAIN modes (in PLAIN mode passwords were checked in
> Kerberos). Suggestions and bugreports welcome!
> M.Kondrin
> 
I have been asked what this patch is for. This is a replacement for 
standard authentication procedure of MySQL when passwords supplied by 
users are checked against mysql.user table. The patch gives an option to 
authenticate user by means of SASL. For PLAIN mechanism there is not 
much difference but in GSSAPI mode for example it becomes possible to 
embed MySQL into single sign-on system when the user authenticates in 
MySQL by providing his TGT acquired during system logon. May be OTP 
mechanism can be of some value here too. If mechanism allows security 
level than it would be possible to have an encryption as a side-effect 
but this is not implemented yet.
I was looking for an GSSAPI support for MySQL when I tripped over 
vintela's patch. Extending this patch proved to be easier than 
implementing GSSAPI from scratch.
There is some more info on vintela's page and in the little README 
packed into the tarball.
M.Kondrin


More information about the Cyrus-sasl mailing list