In this primer I will show how to improve the security of your MariaDB installation by using two-step verification and how to use it from your Windows GUI client.
Let’s suppose you have your data in MariaDB, installed, say, on Ubuntu. And your users connect to it to run ad hoc queries, using some sort of a Windows GUI client. You don’t want them to write the access password on post-it notes or have it auto-entered by the client. And you don’t want anyone see the password when one of the salespersons connects to the mother ship from his laptop in the Internet café. Read more
As you may know, since version 5.2.0 (released in April 2010) we support Pluggable Authentication. Using this feature one can implement an arbitrary user authentication and account management policy, completely replacing built-in MariaDB authentication with its username/password combination and mysql.user table.
Also, as you might have heard, Oracle has recently released a PAM authentication plugin for MySQL. Alas, this plugin will not run on MariaDB — although the MySQL implementation of pluggable authentication is based on ours, the API is incompatible. And, being closed source, this plugin cannot be fixed to run in MariaDB. And — I’m not making it up — this plugin does not support communication between the client and the server, so even with this plugin and all the power of PAM the only possible authentication method remains a simple username/password combination. Read more
If you want to know more about MySQL and MariaDB plugins read below. Our (Andrew Hutchings and mine) book MySQL 5.1 Plugins Development was just published by Packt. As far as I know it’s the first and the only book completely dedicated to MySQL Plugin API. It covers all existing in 5.1 plugin types, from Daemon to Storage Engines, and does not shun from explaining less known or poorly understood features of the plugin API. It describes newer plugin API extensions too – such as authentication plugins and recent CREATE TABLE extension. Read more