Table of Contents
Advertisement
Access Control, Stage 1: Connection Verification
When the server reads the table into memory, it sorts the rows using the rules just described. The
result after sorting looks like this:
+-----------+----------+-
| Host
| User
+-----------+----------+-
| localhost | root
| localhost |
| %
| jeffrey
| %
| root
+-----------+----------+-
When a client attempts to connect, the server looks through the sorted rows and uses the first match
found. For a connection from
one with
and
Host
User
'jeffrey'. The
'localhost'
Here is another example. Suppose that the
+----------------+----------+-
| Host
| User
+----------------+----------+-
| %
| jeffrey
| thomas.loc.gov |
+----------------+----------+-
The sorted table looks like this:
+----------------+----------+-
| Host
| User
+----------------+----------+-
| thomas.loc.gov |
| %
| jeffrey
+----------------+----------+-
A connection by
jeffrey
by
from any host is matched by the second.
jeffrey
Note
It is a common misconception to think that, for a given user name, all rows
that explicitly name that user are used first when the server attempts to find a
match for the connection. This is not true. The preceding example illustrates
this, where a connection from
not by the row containing
with no user name. As a result,
user, even though he specified a user name when connecting.
If you are able to connect to the server, but your privileges are not what you expect, you probably are
being authenticated as some other account. To find out what account the server used to authenticate
you, use the
CURRENT_USER()
returns a value in
user_name@host_name
matching
table row. Suppose that
user
mysql>
SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| @localhost
|
+----------------+
The result shown here indicates that the matching
other words, the server is treating
Another way to diagnose authentication problems is to print out the
see where the first match is being made.
| ...
| ...
| ...
| ...
| ...
by jeffrey, two of the rows from the table match: the
localhost
values of
'localhost'
row appears first in sorted order, so that is the one the server uses.
user
| ...
| ...
| ...
| ...
| ...
| ...
from
thomas.loc.gov
'jeffrey'
[959]
function. (See
format that indicates the
jeffrey
as an anonymous user.
jeffrey
587
and '', and the one with values of
table looks like this:
is matched by the first row, whereas a connection
by
thomas.loc.gov
jeffrey
as the
column value, but by the row
User
is authenticated as an anonymous
jeffrey
Section 12.13, "Information
User
connects and issues the following query:
table row had a blank
user
user
and
'%'
is first matched
Functions".) It
and
values from the
Host
column value. In
User
table and sort it by hand to
Advertisement
Chapters
Table of Contents
Troubleshooting
