Ping a Specific Port

Question

David Timothy Strauss

Asked: 2014-09-06 13:57:20 +0800 CST2014-09-06 13:57:20 +0800 CST 2014-09-06 13:57:20 +0800 CST

Auditing connections using certificates

772

We would like to have clients connect to our MariaDB server, using client certificates from a trusted (internal) issuer and then log which user connected.

Unfortunately, the following limitations are preventing success:

It's possible to trust everyone from the same issuer, but then they all have to be mapped to the same MariaDB user.
It's possible to audit log user connections, but the logs only show the actual MariaDB user, not the subject of the certificate the client is using.
It's not possible to dynamically create actual MariaDB users based on the client certificate.

Is there a solution to our dilemma, other than pre-populating a MariaDB user for each possible client certificate?

1 Answers

Voted

womble · Answer 1 · 2015-08-13T17:40:12+08:00

womble

2015-08-13T17:40:12+08:002015-08-13T17:40:12+08:00

Yep, you're doomed to creating a MariaDB user for each user you wish to connect to the server, with a REQUIRE SUBJECT '/CN=foo/[email protected]/'. It's a hideous, error-prone syntax. MySQL's user management is fairly pants in a great many ways.

0

Auditing connections using certificates

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?