Hi Shawn,

I understand the logic behind separating local and remote users,
PostgreSQL does the same thing in its pg_hba.conf file.
However, what I don't understand is the way this turned out to be such
a huge problem (for me), as it worked already with MySQL-5.1 a few
years ago. I've worked with other DBMs a bit as well, so I am not an
absolute noob.

To be honest I am a bit troubled with your explanation. If the % does
not include "localhost", why is it now possible for me to log in as
"someone"@"%" after I have deleted that anonymous user Claudio
mentioned (thanks again!)?
Furthermore, why does mysql print "access denied for
someone@localhost" even when I specify -h127.0.0.1?

Thanks a lot for your response, Clemens

> On Unix-based systems the alias 'localhost' implies the local Unix socket,
> not a networking port. The important part to notice is that you created a
> user from "@%" but the error message said "@localhost". As that is a local
> socket, the pattern matching algorithm applied to the % to compare the
> incoming address (the source of the networked connection) to the account
> fails. Therefore it does not match to @localhost as the network was not
> involved.
>
> There is a logic behind this method of operation. Users with physical access
> to the machine (or remote access through tunneling protocols like ssh) are
> local to the files and processes themselves. The security exposure for this
> type of user means that this is most likely a very privileged person and
> they probably need to be allowed privileges for full administrative actions.
> Therefore a local MySQL user (coming in through the local Unix socket) may
> be assigned very different permissions than a user who happens to know the
> administrative account's password but is only allowed to login remotely (via
> the network). By keeping @localhost separate from @<host matching patterns>,
> we allow you (the DBA) to deny privileged access to any other user that
> cannot login directly from the host machine.
>
> Hopefully, this clarifies why your localhost account was unable to login.
>
> Additional reading:
> http://dev.mysql.com/doc/refman/5.5/en/connection-access.html
>
> --
> Shawn Green
> MySQL Principal Technical Support Engineer
> Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
> Office: Blountville, TN
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:    http://lists.mysql.com/mysql
>
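
The behaviour reported in this thread (a login as "someone"@"%" from localhost succeeds only once the anonymous localhost account is gone) is consistent with the matching order documented on the manual page linked above: account rows are sorted most-specific host first, and the first matching row is used. The following is an added example, not code from the thread or from MySQL; it is a simplified model of that rule, and the account list, host 192.0.2.10 and function names are constructed for illustration.

```python
# Simplified model (an assumption, not MySQL source code) of how the server
# picks an account row: sort rows most-specific Host first, then most-specific
# User, and use the FIRST row that matches the connecting user and host.
import re

def host_rank(host):
    # Literal host names/IPs are most specific, '%' (any host) is least.
    if host == "%":
        return 2
    return 1 if ("%" in host or "_" in host) else 0

def like(pattern, value):
    # Translate SQL LIKE wildcards (% and _) into a regular expression.
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE) is not None

def match_account(accounts, user, host):
    """Return the (user, host) row the server would authenticate against."""
    ordered = sorted(accounts, key=lambda a: (host_rank(a[1]), a[0] == ""))
    for acc_user, acc_host in ordered:
        # A blank User value is the anonymous account: it matches any name.
        if like(acc_host, host) and acc_user in ("", user):
            return (acc_user, acc_host)
    return None

# Constructed account list resembling a default install plus the new user.
BEFORE = [("root", "localhost"), ("", "localhost"), ("someone", "%")]
AFTER = [a for a in BEFORE if a != ("", "localhost")]  # anonymous row dropped

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for host in ("localhost", "192.0.2.10"):
            print(label, host, "->", match_account(table, "someone", host))
```

On a live server, `SELECT USER(), CURRENT_USER();` shows the name and host the client presented next to the account row that was actually matched, which makes an anonymous account shadowing a named one visible.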
