MySQL Enterprise Authentication

仅在部分商业版中提供

MySQL Enterprise Edition provides ready to use external authentication modules to easily integrate existing security infrastructures, including Linux Pluggable Authentication Modules (PAM) and Windows Active Directory. By authenticating MySQL users from centralized directories, organizations can implement Single Sign On. The same user names, passwords and permissions can be used. This makes MySQL DBAs more productive by eliminating the need to manage credentials in individual systems. It also makes IT infrastructures more secure by leveraging existing security rules and processes (e.g. identifying weak passwords and managing password expiration).

MySQL users can be authenticated using PAM or native Windows OS services.

  • MySQL External Authentication for LDAP - Enables you to configure MySQL to authenticate users via LDAP (Lightweight Directory Access Protocol) servers. Users or groups of users can be specified in detail via LDAP specifications. Username/Password, SASL, GSSAPI/Kerberos authentication are supported.
  • MySQL Native Kerberos Authentication - Enables you to configure MySQL to authenticate users using Kerberos. Kerberos authentication supports userless and passwordless scenarios.
  • MySQL External Authentication for Windows - Enables you to configure MySQL to use native Windows services to authenticate client connections. Users who have logged in to Windows can connect from MySQL client programs to the server based on the token information in their environment without specifying an additional password.
  • MySQL LDAP Authentication - Enables you to configure MySQL to query LDAP and Active Directory users and groups for Authentication of client connections. Supports various LDAP authentication protocols including User/Password, GSSAPI Kerberos, and SASL. Bind mysql users to DNs to manage groups of users and their MySQL permissions.
  • MySQL Native Kerberos Authentication - Enables customers to leverage existing Kerberos authentication infrastructure such as single sign on. MySQL Enterprise both MIT (GSSAPI) and Microsoft (SSPI) Kerberos implementations.
  • MySQL External Authentication for PAM - Enables you to configure MySQL to use Linux PAMs (Pluggable Authentication Modules) to authenticate users via PAMs for various authentication methods, such as Linux passwords or an LDAP directory.
  • MySQL Multifactor Authentication - Enables you to require a user to provide two or more verification factors to access the MySQL Database. Username and passwords are vulnerable to various attacks. By requiring multiple factors adds additional security hardening to keep your organization safer from cybercrime. MySQL MFA allows you to combine up to 3 authentication methods.
MySQL External Authentication for Windows

Additional Resources