Mysql8.0以上的版本更改了加密规则,这可能需要你多研究一下遇到的问题。我记得需要修改Django框架中的一些源码。
在 2020年5月20日星期三 UTC+8上午9:37:33,Edward Rose写道:
>
> Hello - Does Django have any support for the web application itself being
> able to connect to MySQL using Kerberos Authentication / GSSAPI rather than
> a hard coded database user name and password?
>
> I have searched around the web for a while and am still trying to find a
> way to get a Django web app itself to authenticate to a MySQL DB equipped
> with GSSAPI plugin via Kerberos. The Django app runs off Apache started in
> this way:
>
> k5start -u user/server@domain -f /etc/krb5.keytab -- /usr/sbin/httpd
> -DFOREGROUND
>
> The user/server user exists on the DB with adequate permissions. Moreover,
> on the command line this works and connects up fine:
>
> k5start -u user/server@domain -f /etc/krb5.keytab -- mysql -u user/server
>
> However, I've tried getting the web app to connect to the DB (the app
> itself, not worrying about the user authentication yet) about a million
> different ways. I verified the user running the web app is apache even when
> run started up the k5start way. Nonetheless any requests are met with this
> error:
>
> (1105, 'Client GSSAPI error (major 851968, minor 0) : gss_init_sec_context -
> Unspecified GSS failure. Minor code may provide more information. ')
>
>
> The settings.py configuration for the database is as follows:
>
> DATABASES = {
> 'default': {
> 'ENGINE': 'django.db.backends.mysql',
> 'NAME': 'my_database',
> 'USER': 'user/server@domain',
> #'PASSWORD' : '',
> 'HOST': 'localhost', # Or an IP Address that your DB is hosted on
> 'PORT': '3306',
> }
> }
>
>
>
> Server Specs:
> Django version: 2.2.8
> Python version: 3.6.8
> OS version: RHEL 7.8 (Maipo)
> MySQL version: 10.1.45-MariaDB MariaDB Server
>
>
> I am thinking perhaps Django is just not designed to work this way? I did
> trace some of the code in the packages Django uses to connect to MySQL and
> it appears to be something along the lines of mysql_connect / the MySQL
> Connector C libraries or whatnot. And from what I saw a lot of the
> parameters the code uses following the MySQL website documentation but
> there was one parameter 'auth_plugin' or something like that, which did not
> seem to be implemented. Yet at the same time it would seem like getting
> Django to connect to the DB via kerberos would be a common problem? Again,
> this is a separate problem I'm trying to solve besides authenticating users
> to the website, rather I'm hoping to allow the app itself to authenticate
> to the database with kerb ticket, and had been hoping starting up apache in
> a kerberized way might let that happen.
>
> Any suggestions from people more Kerberos knowledgeable than I?
>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/ceb2ce4c-7fa3-45fb-8f72-cff1329a3822%40googlegroups.com.
