Description:
mysql -u root -pvanin -h 127.0.0.1 -e "SELECT User, Host FROM mysql.user;"
+------------------+-----------+
| User             | Host      |
+------------------+-----------+
| root             | %         |
| debian-sys-maint | localhost |
+------------------+-----------+

When connecting from remote:
~ % mysql -u root -ppass -h localhost -P3307
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

~ % mysql -u root -ppass -h 127.0.0.1 -P3307
Welcome to the MySQL monitor.  Commands end with ; or \g.

Why does 127.0.0.1 match the wildcard but 'localhost' doesn't?

Privileges have been flushed...

How to repeat:
See above.

Expected behavior, isn't it? As "localhost" in the MySQL privileges context does not refer to the 127.0.0.1 IP loopback address (or to any IP address at all) but to the Unix Domain Socket connection (usually via the socket file /tmp/mysql.sock)

Combined with --protocol=TCP '%' should work as you expect though ...

I'm pretty sure this properly documented in the online manual, too, but i'm too lazy to look it up right now ...

Hello Dieter,

Thank you for the report.
As Hartmut pointed out, this is an expected behavior.
Please reference the manual pge here - http://dev.mysql.com/doc/refman/5.5/en/connecting.html

Please also see - Bug #36576, Bug #31061

Thanks,
Umesh

The relevant line seems to be, the trivially mentioned fact: "For example, connections on Unix to localhost are made using a Unix socket file by default."
I must say this is utterly confusing though!

Damn, this has been eluding me for years! Ok, so basically localhost is not handled through TCP while % only matches TCP connections.

What about Windows? The behaviour is the same, yet I'm pretty sure that Windows's localhost is handled through TCP.