GBase 8a集群SSL配置-强制用户用SSL

发表于 作者 laozizhu

GBase 8a支持数据库用户通过require ssl参数,强制必须使用SSL连接数据库,本文介绍其方法。

创建用户

查看其中的ssl_type, 看到是空的。

gbase> create user ssl_user identified by 'ssl';
Query OK, 0 rows affected (Elapsed: 00:00:00.02)


gbase> select * from gbase.user where user='ssl_user'\G
*************************** 1. row ***************************
                   Host: %
                   User: ssl_user
               Password:
            Select_priv: N
            Insert_priv: N
            Update_priv: N
            Delete_priv: N
            Create_priv: N
              Drop_priv: N
            Reload_priv: N
          Shutdown_priv: N
           Process_priv: N
              File_priv: N
             Grant_priv: N
        References_priv: N
             Index_priv: N
             Alter_priv: N
           Show_db_priv: N
             Super_priv: N
  Create_tmp_table_priv: N
       Lock_tables_priv: N
           Execute_priv: N
        Repl_slave_priv: N
            Unmask_priv: N
       Create_view_priv: N
         Show_view_priv: N
    Create_routine_priv: N
     Alter_routine_priv: N
       Create_user_priv: N
             Event_priv: N
           Trigger_priv: N
               ssl_type:
             ssl_cipher:
            x509_issuer:
           x509_subject:
          max_questions: 0
            max_updates: 0
        max_connections: 0
   max_user_connections: 0
               max_cpus: 0
           max_memories: 0
          max_tmp_space: 0
         resource_group: 0
          task_priority: 2
user_limit_storage_size:
      user_storage_size: 0
                    UID: 529422
1 row in set (Elapsed: 00:00:00.00)

设置SSL要求

通过grant 命令,设置权限,require ssl参数要求必须用ssl连接。查看user表的ssl_type变成了ANY,而不是默认的空。

gbase> grant usage on *.* to ssl_user identified by 'ssl' require ssl;

Query OK, 0 rows affected (Elapsed: 00:00:00.01)

gbase> select * from gbase.user where user='ssl_user'\G
*************************** 1. row ***************************
                   Host: %
                   User: ssl_user
               Password: *035E199C2E188B7300132D5C991D9E002AB5C150
            Select_priv: N
            Insert_priv: N
            Update_priv: N
            Delete_priv: N
            Create_priv: N
              Drop_priv: N
            Reload_priv: N
          Shutdown_priv: N
           Process_priv: N
              File_priv: N
             Grant_priv: N
        References_priv: N
             Index_priv: N
             Alter_priv: N
           Show_db_priv: N
             Super_priv: N
  Create_tmp_table_priv: N
       Lock_tables_priv: N
           Execute_priv: N
        Repl_slave_priv: N
            Unmask_priv: N
       Create_view_priv: N
         Show_view_priv: N
    Create_routine_priv: N
     Alter_routine_priv: N
       Create_user_priv: N
             Event_priv: N
           Trigger_priv: N
               ssl_type: ANY
             ssl_cipher:
            x509_issuer:
           x509_subject:
          max_questions: 0
            max_updates: 0
        max_connections: 0
   max_user_connections: 0
               max_cpus: 0
           max_memories: 0
          max_tmp_space: 0
         resource_group: 0
          task_priority: 2
user_limit_storage_size:
      user_storage_size: 0
                    UID: 529422
1 row in set (Elapsed: 00:00:00.00)

登录尝试

因为并没有配置ssl,所以直接报错,虽然用户名和密码是对的。

[gbase@rh6-1 gcluster]$ gccli -ussl_user -pssl
ERROR 1045 (28000): Access denied for user 'ssl_user'@'localhost' (using password: YES)
[gbase@rh6-1 gcluster]$

SSL配置

请参考

GBase 8a集群SSL配置-集群配置部分
GBase 8a集群SSL配置-客户端gccli

Post Views: 444

相关文章:

  1. GBase 8a集群SSL配置-集群配置部分
  2. GBase 8a集群SSL配置-客户端gccli
  3. GBase 8a集群SSL配置-JDBC
  4. GBase 8a集群SSL配置-ODBC
  5. GBase 8a集群统一字段列名大小写的参数和例子
  6. GBase 8a字符集相关配置参数介绍
  7. GBase 8a同步日志归档老化功能使用说明
  8. GBase 8a 修改服务端口号的方法
  9. GBase 8a集群统计运行期内存使用情况_gbase_session_memory_stat参数
  10. GBase 8a如何提高加载性能,影响性能的因素有哪些