MySQL 8.0.14 新的密码认证方式和客户端连接

　　　　　　　　　　　　MySQL 8.0.14 新的密码认证方式和客户端连接

　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　　做者：尹正杰

版权声明：原创做品，谢绝转载！不然将追究法律责任。

 

 　　MySQL8.0在密码认证方式发生了改变，这也是有点小伙伴在MySQL建立了想用的用户，也进行了受权操做，死活链接不上的MySQL的缘由，归根究底仍是MySQL官方作了优化操做，可让客户端更快的链接到MySQL数据库，说白了就是加密方式发生了改变！咱们在建立用户时须要手动设置认证方式，由于目前主流的MySQL图形化破解版工具，暂时还不支持MySQL8.0默认的密码策略，修改方式可参考官方网站：https://dev.mysql.com/doc/refman/8.0/en/alter-user.html。

 

 

一.MySQL8新的密码认证方式

　　其实在MySQL8.0版本以前，MySQL使用的加密方式是“mysql_native_passowrd"，在MySQL8.0以后，加密的方式改成“caching_sha2_password”，从字面意思理解，后者的加密方式应该更高效，以便提高客户端的链接速度。

1>.使用MySQL5.7版本查看用户的加密插件

 

2>使用MySQL8.0版本查看用户的加密插件

[root@node105 ~]# mysql -uroot -pyinzhengjie
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.14 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
mysql> SELECT user,host,plugin from mysql.user where user='root';
+------+-----------+-----------------------+
| user | host      | plugin                |
+------+-----------+-----------------------+
| root | localhost | caching_sha2_password |
+------+-----------+-----------------------+
1 row in set (0.00 sec)

mysql> 
mysql> quit
Bye
[root@node105 ~]# 
[root@node105 ~]# 

 

 

二.建立两个测试用户

[root@node105 ~]# mysql -uroot -pyinzhengjie
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.14 MySQL Community Server - GPL

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
mysql> 
mysql> CREATE USER yzj@'%' IDENTIFIED BY 'yinzhengjie';　　　　　　　　　　　　　　　　　　　　　　　　　　　　#这里咱们没有指定MySQL的plugin的认证方式，MySQL8.0默认的认证方式是caching_sha2_password.
Query OK, 0 rows affected (0.01 sec)

mysql> 
mysql>  CREATE USER yinzhengjie@'%' IDENTIFIED WITH mysql_native_password BY 'yinzhengjie';　　　　　　#咱们这里指定了MySQL的plugin的认证方式为mysql_native_password.
Query OK, 0 rows affected (0.00 sec)

mysql> 
mysql> SELECT user,host,plugin FROM mysql.user;
+------------------+-----------+-----------------------+
| user             | host      | plugin                |
+------------------+-----------+-----------------------+
| yinzhengjie      | %         | mysql_native_password |
| yzj              | %         | caching_sha2_password |
| mysql.infoschema | localhost | caching_sha2_password |
| mysql.session    | localhost | caching_sha2_password |
| mysql.sys        | localhost | caching_sha2_password |
| root             | localhost | caching_sha2_password |
+------------------+-----------+-----------------------+
rows in set (0.00 sec)

mysql>
mysql> GRANT ALL on *.* TO yzj@'%';
Query OK, 0 rows affected (0.00 sec)

mysql> 
mysql> GRANT ALL on *.* TO yinzhengjie@'%';
Query OK, 0 rows affected (0.01 sec)

mysql> 
mysql> SHOW GRANTS FOR yzj@'%';
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for yzj@%                                                                                                                                                                                                                                                                                                                                                                 |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `yzj`@`%`    |
| GRANT APPLICATION_PASSWORD_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `yzj`@`%` |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> 
mysql> 
mysql> 
mysql> 
mysql> SHOW GRANTS FOR  yinzhengjie@'%';
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for yinzhengjie@%                                                                                                                                                                                                                                                                                                                                                                 |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `yinzhengjie`@`%`    |
| GRANT APPLICATION_PASSWORD_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_ADMIN,XA_RECOVER_ADMIN ON *.* TO `yinzhengjie`@`%` |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> 
mysql> 

 

三.客户端链接（Navicat for MySQL）

1>.使用没有指定plugin的用户来链接数据库（yzj）

 

2>.使用指定plugin的用户来链接数据库（yinzhengjie）

 

 

 

四.总结

　　目前市场上主流的客户端链接工具支持的密码认证为“mysql_native_password”，暂时不支持“caching_sha2_password”认证方式。