Bug #74586 Make auth_socket more flexible
Submitted: 27 Oct 2014 9:54 Modified: 27 Feb 2015 17:13
Reporter: Daniël van Eeden (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Pluggable Authentication Severity:S4 (Feature request)
Version:5.6.21 OS:Any
Assigned to: CPU Architecture:Any
Tags: authenication, Contribution, plugin, socket

[27 Oct 2014 9:54] Daniël van Eeden 
Description:
Now auth_socket only authenticates users if the database username and unix usernames match. 

Please make it possible to have more flexible matching.

E.g.:
CREATE USER 'foo'@'localhost' IDENTIFIED WITH auth_socket AS 'myunixuser';

How to repeat:
CREATE USER 'foo'@'localhost' IDENTIFIED WITH auth_socket AS 'myunixuser';

myunixuser@here$ mysql -u foo

Suggested fix:
Also authenticate if auth_string matches with the unix user.
[27 Oct 2014 9:55] Daniël van Eeden 
Patch to add the requested functionality

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: 0001-Make-auth_socket-more-flexible.patch (text/x-diff), 1.29 KiB.
[27 Feb 2015 17:13] Paul DuBois 
Noted in 5.7.6 changelog.

Previously, the auth_socket authentication plugin checked the socket
user name only against the MySQL user name specified by the client
program to the server. Now, if those names do not match, the plugin
also checks whether the socket user name matches the name specified 
in the authentication_string column of the mysql.user table row. The
plugin permits the connection for a match in either case. Thanks to
Daniël van Eeden for the patch.