Bug #4703 Permit authentication outside of mysql
Submitted: 22 Jul 2004 17:47 Modified: 8 Nov 2011 15:36
Reporter: Christian Kirsch
Status: Closed
Category:MySQL Server Severity:S4 (Feature request)
Version:5.x OS:Any (any)
Assigned to: CPU Architecture:Any

[22 Jul 2004 17:47] Christian Kirsch
Description:
Users do not necessarily want to remember loads of passwords. However, in MySQL I have to either duplicate username/passwords for every MySQL user or I have to create a new password for them. Both approaches have drawbacks: In the first case, I have to manually change the password if the user modifies it in the system to keep the two in sync. In the second case, the user has to remember a different password for access to MySQL. 

How to repeat:
Just try to connect to MySQL with your system-wide username/password.

Suggested fix:
I'd appreciate a separation of authentication and authorization in MySQL. Currently (as per standard SQL) all is run together: username/passwords and permissions. 
The possibility to use some other means of authentication (like LDAP, NIS or PAM) could help in some situations: Let the user authenticate as usual and define database privileges as before. E.g.:

grant privilege create table to foo@localhost identified by LDAP;

MySQL would simply pass on the username/password pair to the authentication service. If that returns "OK" (for some definition of OK), the connection to the database is established with the privileges defined in the GRANT statement. Otherwise, connection is refused.
[23 Jul 2004 17:27] Sergei Golubchik
I agree.
We have this in todo already.
Thank you.
[8 Nov 2011 15:36] Paul DuBois
As of MySQL 5.5.7, we have pluggable authentication that permits external authentication methods to be used. For an overview, and links to sections of the manual that have additional information, see:

http://dev.mysql.com/doc/refman/5.5/en/news-5-5-7.html
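
The separation of authentication and authorization requested in this report, sketched with the pluggable authentication mentioned in the last comment. This is an added example, not part of the bug report or of any commenter's post; it assumes the server has the PAM authentication plugin (`authentication_pam`) available, and the account `foo`, the database `appdb` and the PAM service name `mysql` are hypothetical.

```sql
-- Added example; names are hypothetical (foo, appdb, PAM service 'mysql').
-- Assumes the authentication_pam plugin library is present on the server.

-- 1. Load the server-side plugin that hands credentials to PAM.
INSTALL PLUGIN authentication_pam SONAME 'authentication_pam.so';

-- 2. Authentication: no password is stored in MySQL. The AS string names
--    the PAM service (/etc/pam.d/mysql) that decides whether login succeeds.
CREATE USER 'foo'@'localhost'
  IDENTIFIED WITH authentication_pam AS 'mysql';

-- 3. Authorization: privileges are still defined inside MySQL, as before.
GRANT CREATE ON appdb.* TO 'foo'@'localhost';

-- 4. Review: list which accounts delegate authentication, and to which
--    plugin and service, so externally authenticated logins stay visible.
SELECT user, host, plugin, authentication_string
FROM mysql.user
WHERE plugin <> '' AND plugin <> 'mysql_native_password'
ORDER BY plugin, user;

-- 5. Confirm the privileges attached to the externally authenticated account.
SHOW GRANTS FOR 'foo'@'localhost';
```

Because PAM needs the password itself, the client sends it with the `mysql_clear_password` client-side plugin, so these connections should be limited to TLS or a local socket.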