GBase 8a集群SSL配置-强制用户用SSL

—————– 创建必须用SSL的数据库用户—————–

[gbase@localhost ~]$ gccli

GBase client 9.5.2.6.110163. Copyright (c) 2004-2019, GBase. All Rights Reserved.

gbase> create user ssl_user identified by ‘ssl_user’;

Query OK, 0 rows affected (Elapsed: 00:00:00.01)

gbase> grant all on testdb.* to ssl_user require ssl;

Query OK, 0 rows affected (Elapsed: 00:00:00.02)

gbase> exit

Bye

[gbase@localhost ~]$ gccli -ussl_user -pssl_user

GBase client 9.5.2.6.110163. Copyright (c) 2004-2019, GBase. All Rights Reserved.

gbase> \s

————–

gccli ver 9.5.2.6.110163, for unknown-linux-gnu (x86_64) using readline 6.3

Connection id: 46

Current database:

Current user: ssl_user@localhost

SSL: Cipher in use is DHE-RSA-AES256-SHA

Current pager: stdout

Using outfile: ”

Using delimiter: ;

Server version: 9.5.2.6.110163

Protocol version: 10

Connection: Localhost via UNIX socket

Server characterset: utf8

Db characterset: utf8

Client characterset: utf8

Conn. characterset: utf8

UNIX socket: /tmp/gcluster_5258.sock

Uptime: Elapsed: 00:43:11.00

Threads: 3 Questions: 87 Slow queries: 0 Opens: 28 Flush tables: 1 Open tables: 21 Queries per second avg: 0.33

————–

gbase> exit

Bye

如果去掉前面client的配置文件部分,会报错

[gbase@localhost ~]$ vi /opt/gbase/gcluster/config/gbase_8a_gcluster.cnf

[gbase@localhost ~]$ cat /opt/gbase/gcluster/config/gbase_8a_gcluster.cnf

[client]

port=5258

socket=/tmp/gcluster_5258.sock

connect_timeout=43200

#default-character-set=gbk

#ssl-ca=/usr/local/tmp/ssl/ca-cert.pem

#ssl-cert=/usr/local/tmp/ssl/client-cert.pem

#ssl-key=/usr/local/tmp/ssl/client-key.pem

[gbase@localhost ~]$ gccli -ussl_user -pssl_user

ERROR 1045 (28000): Access denied for user ‘ssl_user’@’localhost’ (using password: YES)

[gbase@localhost ~]$

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注