GBase 8a数据库,在新的版本里开始支持sha256的用户密码加密,其参数为gbase_caching_sha2_password。周边客户端在使用这个用户时需要配套的支持sha256的客户端。包括 jdbc, odbc, c API. ado.net等开发接口。
目录导航
参数
gbase_caching_sha2_password=0
0,不开启 默认值
1, 开启,之后创建用户和设置密码时,会用sha256进行加密
修改方式
只需要修改每个gcluster的配置。一般全新安装的会自动增加该参数,默认是0
vi /opt/gcluster/config/gbase_8a_gcluster.cnf
在其中修改或增加参数
max_connections = 10000
max_connect_errors=1000000
max_allowed_packet = 64M
net_write_timeout = 1000000
net_read_timeout = 1000000
connect_timeout = 1000000
interactive_timeout =1000000
wait_timeout = 1000000
open_files_limit = 65535
gbase_caching_sha2_password=1
gbase_express_log = 1
gcluster_connect_net_read_timeout = 1000000
gcluster_connect_net_write_timeout = 1000000
gcluster_connect_timeout = 1000000
gcluster_wait_query_cancel_timeout = 200
样例
如下创建了一个abc用户,从gbase.user的元数据表里可以看到其密码长度和老的sha1不同,为65位,老的是41位。
gbase> show variables like '%sha%';
+-----------------------------+-------+
| Variable_name | Value |
+-----------------------------+-------+
| _gbase_gns_share_connection | 1 |
| gbase_caching_sha2_password | ON |
+-----------------------------+-------+
2 rows in set (Elapsed: 00:00:00.00)
gbase> create user abc ;
Query OK, 0 rows affected (Elapsed: 00:00:00.01)
gbase> grant all on testdb.* to abc identified by 'abc';
Query OK, 0 rows affected (Elapsed: 00:00:00.00)
gbase> select * from gbase.user;
+--------------------------------------------------------------+------------------+-------------------------------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+----------+--------------+---------------+----------------+---------------+-------------------------+-------------------+------+
| Host | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | max_cpus | max_memories | max_tmp_space | resource_group | task_priority | user_limit_storage_size | user_storage_size | UID |
+--------------------------------------------------------------+------------------+-------------------------------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+----------+--------------+---------------+----------------+---------------+-------------------------+-------------------+------+
| % | root | | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2 | | 0 | 1 |
| % | gbase | *9C0ADBD7F08FA9D49D82760B104110C55B943B8D | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2 | | 0 | 2 |
| % | abc | *4F8B42C22DD3729B519BA6F68D2DA7CC5B2D606D05DAED5AD5128CC03E6C6358 | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2 | | 0 | 2049 |
+--------------------------------------------------------------+------------------+-------------------------------------------------------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+----------+--------------+---------------+----------------+---------------+-------------------------+-------------------+------+
3 rows in set (Elapsed: 00:00:00.00)
涉及的元数据表
password字段从varchar(41)变成varchar(65)
gbase.db_links
gbase.userg
base.password_history