mysql 无密码使用管理员登陆

转载

langrisser 2024-09-14 20:08:19

文章标签 mysql 无密码使用管理员登陆数据库网络 mysql MySQL 文章分类 MySQL 数据库

无密码登录在一定程度上能够简化流程，对于密码敏感，但是又需要提供访问权限的情况下是一个不错的选择。尤其是在乙方在做一些操作的时候，要密码和给密码是一个纠结的问题。不给没法工作，给了又对信息安全又影响。
在Oracle和MySQL中都有相应的解决方案，大道至简，这个功能的目的都是类似的。
在Oracle中可以通过设置wallet来实现，在10g版本开始支持。而在MySQL中自5.6版本开始可以使用--login-path来实现。
先来看看Oracle中的wallet实现无密码登录，可以通过mkstore来配置，我们可以使用--help得到命令使用的帮助。
[ora11g@oel1 admin]$ mkstore --help
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
No wallet location specified.
mkstore [-wrl wrl] [-create] [-createSSO] [-createLSSO] [-createALO] [-delete] [-deleteSSO] [-list] [-createEntry alias secret] [-viewEntry alias] [-modifyEntry alias secret] [-deleteEntry alias] [-createCredential connect_string username password] [-listCredential] [-modifyCredential connect_string username password] [-deleteCredential connect_string] [-help] [-nologo]
我们首先来创建钱包，指定钱包路径为/u02/ora11g/wallet，对于密码还是有一定的要求，太简单也不行。
$ mkstore -wrl /u02/ora11g/wallet -create
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
Enter password:
Enter password again:
生成钱包后，会在指定的路径下生成两个文件。
$ ll
total 8
-rw------- 1 ora11g dba 3589 May 17 21:37 cwallet.sso
-rw------- 1 ora11g dba 3512 May 17 21:37 ewallet.p12
我们可以指定临时的连接串来配置到钱包里面，比如我们认为test11g是一个临时连接串，可以使用tnsping来测试，确保连接串是可访问的。
$tnsping test11g
Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = oel1.oracle.com)(PORT = 1511))) (CONNECT_DATA = (SERVICE_NAME = TEST11G)))
OK (0 msec)
配置完成之后，我们需要在登录之前在sqlnet.ora中配置钱包的路径。sqlnet.ora中需要配置的内容如下：
$ cat sqlnet.ora
WALLET_LOCATION =
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /u02/ora11g/wallet)
)
)

SQLNET.WALLET_OVERRIDE=true
这些配置都搞定以后我们就可以指定对应的连接串，对应的用户名密码。
$ mkstore -wrl /u02/ora11g/wallet -createCredential test11g n1 n1
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: l 1
Create credential oracle.security.client.connect_string1
如果希望查看验证的明细信息，可以使用下面的命令。
[ora11g@oel1 wallet]$ mkstore -wrl /u02/ora11g/wallet -listCredential
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
Enter wallet password:
List credential (index: connect_string username)
1: test11g n1

配置完成之后工作就完成了，我们可以简单验证一下。
$ sqlplus /@test11g
SQL*Plus: Release 11.2.0.1.0 Production on Sun May 17 21:45:59 2015
With the Partitioning, OLAP, Data Mining and Real Application Testing options
n1@TEST11G>

如果需要禁用删除也是很方便的。
删除验证信息
[ora11g@oel1 wallet]$ mkstore -wrl /u02/ora11g/wallet -deleteCredential test11g
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: 1
Delete credential
Delete 1
删除钱包

[ora11g@oel1 wallet]$ mkstore -wrl /u02/ora11g/wallet -delete
Oracle Secret Store Tool : Version 11.2.0.1.0 - Production
Copyright (c) 2004, 2009, Oracle and/or its affiliates. All rights reserved.
Enter wallet password: 1
也可以选择相应修改sqlnent.ora里面的配置

而如果使用MySQL来实现，则需要通过mysql_config_editor来配置。

mysql_config_editor的命令提示如下，可以看出可使用的选项还是相对比较简单的。

[mysql@oel1 ~]$ mysql_config_editor set --help

mysql_config_editor Ver 1.0 Distrib 5.6.23, for linux-glibc2.5 on i686

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

MySQL Configuration Utility.

Description: Write a login path to the login file.

Usage: mysql_config_editor [program options] [set [command options]]

-?, --help Display this help and exit.

-h, --host=name Host name to be entered into the login file.

-G, --login-path=name

Name of the login path to use in the login file. (Default

: client)

-p, --password Prompt for password to be entered into the login file.

-u, --user=name User name to be entered into the login file.

-S, --socket=name Socket path to be entered into login file.

-P, --port=name Port number to be entered into login file.

-w, --warn Warn and ask for confirmation if set command attempts to

overwrite an existing login path (enabled by default).

(Defaults to on; use --skip-warn to disable.)

我们直接可以通过一个命令来完成配置，制定这个无密码登录的别名为fastlogin

[mysql@oel1 ~]$ mysql_config_editor set --login-path=fastlogin --user=root --host=localhost --password --socket=/u02/mysql/mysqld_mst.sock
Enter password:
配置完成之后，会在当前路径下生成一个隐藏文件.mylogin.cnf

[mysql@oel1 ~]$ ll -la .mylogin*
-rw------- 1 mysql dba 480 May 17 22:10 .mylogin.cnf
如果需要查看里面的明细信息，可以使用如下的命令，当然密码是不会显示出来的。
[mysql@oel1 ~]$ mysql_config_editor print --login-path=fastlogin
[fastlogin]
user = root
password = *****
host = localhost
socket = /u02/mysql/mysqld_mst.sock

大功告成，这个时候直接登录即可。
[mysql@oel1 ~]$ mysql --login-path=fastlogin
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.23-enterprise-commercial-advanced-log MySQL Enterprise Server - Advanced Edition (Commercial)
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

如果需要禁用删除，可以这么做。
mysql_config_editor remove --login-path=fastlogin