MySQL user password vs authentication_string

mariadbMySQLpermissions

I run following commands:

CREATE USER 'dbuser'@'%' IDENTIFIED BY PASSWORD('mypass');
CREATE USER 'dbuserx'@'%' IDENTIFIED BY PASSWORD('mypass');
SET PASSWORD FOR 'dbuser'@'%' = PASSWORD('mypass');

And that results in:

MariaDB [(none)]> select host, user, password,authentication_string from mysql.user;
+------------------+---------+-------------------------------------------+-------------------------------------------+
| host             | user    | password                                  | authentication_string                     |
+------------------+---------+-------------------------------------------+-------------------------------------------+
| %                | dbuser  |                                           | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
| %                | dbuserx | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |                                           |
+------------------+---------+-------------------------------------------+-------------------------------------------+

Is this proper? I read there is PAM in MariaDB by default, but why user creation does not store password in authentication_string right from start?

Could someone explain the difference and possible problems with this?

Mariadb 10.3

Best Answer

All of your CREATE USER syntax is 'backwards'. In the "native password" scheme:

mysql> CREATE USER 'se211604p'@'localhost'
               IDENTIFIED BY PASSWORD '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4';
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER 'se211604m'@'localhost'
               IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host, password from user where user like 'se2%';
+-----------+-----------+-------------------------------------------+
| user      | host      | password                                  |
+-----------+-----------+-------------------------------------------+
| se211604p | localhost | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
| se211604m | localhost | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-----------+-----------+-------------------------------------------+

mysql> SELECT PASSWORD('mypass');
+-------------------------------------------+
| PASSWORD('mypass')                        |
+-------------------------------------------+
| *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 |
+-------------------------------------------+

Give it a Try !!!

Mysql – Connecting to MYSQL on an EC2 instance

Since Zapier is coming in from outside your instance, a possible cause of your problem is the security group for your instance. Most ports on EC2 instances (except the SSH port) are normally blocked by default unless you explicitly open them.

So you would need to open the mysql port 3306 on your instance up to the ip address Zapier is coming in from. (preferably you would not open it up to everyone in the world.)

See Using Amazon RDS/EC2 on the Zapier site, starting from the section where it says Can't Connect to My Database. They continue on to provide specific instructions for the security group settings.

You will also probably need to grant permission on the database using the mysql GRANT command to the user coming in from the Zapier ip address.

Something like this should work :

GRANT ALL PRIVILEGES
ON mydb.*
TO 'user'@'54.86.9.50'
IDENTIFIED BY 'newpassword';

Or you can allow that user to come in from any ip adress like this:

GRANT ALL PRIVILEGES
ON mydb.*
TO 'user'@'%'
IDENTIFIED BY 'newpassword';

(Incoming requests would still be limited to Zapier ip addresses due to the security group settings.)

Best Answer

Related Solutions

Thesql 5.1 — unknown variable ‘basedir=c:/thesql/’

Give it a Try !!!

Mysql – Connecting to MYSQL on an EC2 instance

Related Question