Skip to content

Commit

Permalink
Update Security Compatibility with MySQL
Browse files Browse the repository at this point in the history 
Related to pingcap/tidb#24991
  • Loading branch information
@dveeden
dveeden committed Jul 6, 2021
1 parent 08a34c7 commit 2c6c337
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 2 deletions.
16 changes: 14 additions & 2 deletions security-compatibility-with-mysql.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,21 @@ aliases: ['/docs/dev/security-compatibility-with-mysql/','/docs/dev/reference/se

TiDB supports similar security functionality to MySQL 5.7, with the following exceptions:

- Only the `mysql_native_password` password-based and certificate-based authentication is supported
- External authentication (such as with LDAP) is not currently supported
- Column level permissions are not supported
- Password expiry, as well as password last-changed tracking and password lifetime are not supported [#9709](https://github.com/pingcap/tidb/issues/9709)
- The permission attributes `max_questions`, `max_updated`, `max_connections`, `max_user_connections` are not supported
- Password validation is not currently supported [#9741](https://github.com/pingcap/tidb/issues/9741)

## Authentication plugin status

| Authentication Method | Supported |
| :------------------------| :--------------- |
| `mysql_native_password` | Yes |
| `sha256_password` | No |
| `caching_sha2_password` | Yes, since 5.2.0 |
| `auth_socket` | No |
| TLS Certificates | Yes |
| LDAP | No |
| PAM | No |
| ed25519 (MariaDB) | No |
| GSSAPI (MariaDB) | No |
6 changes: 6 additions & 0 deletions system-variables.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,12 @@ mysql> SELECT * FROM t1;
- This variable indicates the location where data is stored. This location can be a local path or point to a PD server if the data is stored on TiKV.
- A value in the format of `ip_address:port` indicates the PD server that TiDB connects to on startup.

### default_authentication_plugin

- Scope: GLOBAL
- Default value: `mysql_native_password`
- This variable sets the authentication method the server advertises during connection establishment.

### ddl_slow_threshold

- Scope: INSTANCE
Expand Down

0 comments on commit 2c6c337

Please sign in to comment.