SSL Connection and emty SSL_CIPHER
Hello, I just started playing around with SSL enabled connections to the MySQL server, and so far I got everything working except that the SSL_CIPHER variable always stays empty. First I created a CA cert+key pair, then both a MySQL Server and Client cert+key pair, both signed by the CA cert. I configured ca-cert, ssl-cert and ssl-key for the Server at /etc/mysql/my.cnf and restarted the server. Now I checked whether SSL support was enabled: mysql SHOW VARIABLES LIKE '%SSL%'; +---++ | Variable_name | Value | +---++ | have_openssl | YES| | have_ssl | YES| | ssl_ca| /etc/ssl/certs/ca.crt | | ssl_capath|| | ssl_cert | /etc/ssl/private/mysql-server.crt | | ssl_cipher|| | ssl_key | /etc/ssl/private/mysql-server.key | +---++ Now I limited MySQL remote connections for user 'jonas' to SSL: mysql GRANT ALL ON *.* TO jonas REQUIRE SUBJECT '...' AND ISSUER '...'; After first getting errors because of slightly wrong subject and issuer strings, that one worked as well: $ mysql -u jonas -p --host=mysql-host --skip-ssl Enter password: ERROR 1045 (28000): Access denied for user 'jonas'@'localhost' (using password: YES) $ mysql -u jonas -p --host=mysql-host --ssl-ca=ca.crt --ssl-key=mysql-client.key --ssl-cert=mysql-client.crt Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 389 Server version: 5.0.51a-12-log (Debian) Type 'help;' or '\h' for help. Type '\c' to clear the buffer. So far everything works great. But for some reason, the SSL connection doesn't have a Cipher set: mysql SHOW VARIABLES LIKE '%SSL%'; +---++ | Variable_name | Value | +---++ | have_openssl | YES| | have_ssl | YES| | ssl_ca| /etc/ssl/certs/ca.crt | | ssl_capath|| | ssl_cert | /etc/ssl/private/mysql-server.crt | | ssl_cipher|| | ssl_key | /etc/ssl/private/mysql-server.key | +---++ 7 rows in set (0.01 sec) Do you have any suggestions why that could be? I also tried setting the cipher manually with --ssl-cipher=DHE-RSA-AES256-SHA, but that doesn't help either. To be honest, I've no idea why the cipher is empty. Thanks in advance for any help :-) greetings, jonas PS: please Cc me on replies as I'm not subscribed to the list. -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
mysql user and authentication ???
Hello, I just installed the 6.0.6 version of the mysqld on Linux using the binary RPM. The RPM installed all the programs then it started the mysqld server. I read lots of documents about mysql user and password. But I have no idea what the users are used for, and how users are created. The Linux root user is the only user that can start and stop the server. Is this fact correct? Thanks, -Alex
RE: mysql user and authentication ???
you can use GRANT statement to create and grant privs for a mysql db so users can access specific host DB servers @'server.domain' specific DB on specific Db Servers 'custom'@'server.domain'specific tables on specific DB customer.* specific privs (Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) for those specific tables on specific DBe.g.GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON customer.* TO 'custom'@'server.domain' IDENTIFIED BY 'obscure'; http://www.devshed.com/c/a/MySQL/Managing-MySQL-User-Accounts/1/ HTH/Martin __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Sun, 31 Aug 2008 19:38:15 -0400 From: [EMAIL PROTECTED] To: mysql@lists.mysql.com Subject: mysql user and authentication ??? Hello, I just installed the 6.0.6 version of the mysqld on Linux using the binary RPM. The RPM installed all the programs then it started the mysqld server. I read lots of documents about mysql user and password. But I have no idea what the users are used for, and how users are created. The Linux root user is the only user that can start and stop the server. Is this fact correct? Thanks, -Alex _ Get thousands of games on your PC, your mobile phone, and the web with Windows®. http://clk.atdmt.com/MRT/go/108588800/direct/01/