MySQL 8.0 Release Notes
MySQL 8.0 Source Code Documentation
Pre-General Availability Draft: 2017-07-17
MySQL includes a test plugin that checks account credentials and logs success or failure to the server error log. This is a loadable plugin (not built in) and must be installed prior to use.
The test plugin source code is separate from the server source, unlike the built-in native plugin, so it can be examined as a relatively simple example demonstrating how to write a loadable authentication plugin.
Note
This plugin is intended for testing and development purposes, and is not for use in production environments or on servers that are exposed to public networks.
The following table shows the plugin and library file names. The
file name suffix might differ on your system. The file must be
located in the directory named by the
plugin_dir system variable.
Table 6.15 Plugin and Library Names for Test Authentication
| Server-side plugin name | test_plugin_server |
| Client-side plugin name | auth_test_plugin |
| Library file name | auth_test_plugin.so |
The following sections provide installation and usage information specific to test pluggable authentication:
For general information about pluggable authentication in MySQL, see Section 6.3.10, “Pluggable Authentication”.
This section describes how to install the test authentication plugin. For general information about installing plugins, see Section 5.6.2, “Installing and Uninstalling Plugins”.
To be usable by the server, the plugin library file must be
located in the MySQL plugin directory (the directory named by
the plugin_dir system
variable). If necessary, set the value of
plugin_dir at server startup
to tell the server the plugin directory location.
To load the plugin at server startup, use the
--plugin-load-add option to
name the library file that contains it. With this
plugin-loading method, the option must be given each time the
server starts. For example, put these lines in your
my.cnf file (adjust the
.so suffix for your platform as
necessary):
[mysqld]
plugin-load-add=auth_test_plugin.so
After modifying my.cnf, restart the
server to cause the new settings to take effect.
Alternatively, to register the plugin at runtime, use this
statement (adjust the .so suffix as
necessary):
INSTALL PLUGIN test_plugin_server SONAME 'auth_test_plugin.so';
INSTALL PLUGIN loads a plugin,
and also registers it in the mysql.plugins
system table to cause the plugin to be loaded for each
subsequent normal server startup.
To verify plugin installation, examine the
INFORMATION_SCHEMA.PLUGINS table
or use the SHOW PLUGINS
statement (see
Section 5.6.3, “Obtaining Server Plugin Information”). For example:
mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE '%test_plugin%';
+--------------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+--------------------+---------------+
| test_plugin_server | ACTIVE |
+--------------------+---------------+If the plugin fails to initialize, check the server error log for diagnostic messages.
To associate MySQL accounts with the test plugin, see Using Test Pluggable Authentication.
The method used to uninstall the test authentication plugin depends on how you installed it:
If you installed the plugin at server startup using a
--plugin-load-addoption, restart the server without the option.If you installed the plugin at runtime using
INSTALL PLUGIN, it remains installed across server restarts. To uninstall it, useUNINSTALL PLUGIN:UNINSTALL PLUGIN test_plugin_server;
To use the test authentication plugin, create an account and
name that plugin in the IDENTIFIED WITH
clause:
CREATE USER 'testuser'@'localhost'
IDENTIFIED WITH test_plugin_server
BY 'testpassword';
Then provide the --user and
--password options for that
account when you connect to the server. For example:
shell> mysql --user=testuser --password
Enter password: testpassword
The plugin fetches the password as received from the client
and compares it with the value stored in the
authentication_string column of the account
row in the mysql.user table. If the two
values match, the plugin returns the
authentication_string value as the new
effective user ID.
You can look in the server error log for a message indicating whether authentication succeeded (notice that the password is reported as the “user”):
[Note] Plugin test_plugin_server reported:
'successfully authenticated user testpassword'