一、创建新用户能看到却连不上
场景:
通过mysqldump导出,迁移到新实例导入用户,能在用户表里面看到已有用户,但是连不上
[root@master1 ~]# mysqldump -uroot -pxxxxxxx --set-gtid-purged=off --single-transaction
mysql user --where='user="test_user"' -t > user.sql
[root@master1 ~]# cat user.sql
-- MySQL dump 10.13 Distrib 8.0.32, for Linux (x86_64)
--
-- Host: localhost Database: mysql
-- ------------------------------------------------------
-- Server version 8.0.32
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!50503 SET NAMES utf8mb4 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Dumping data for table `user`
--
-- WHERE: user="test_user"
LOCK TABLES `user` WRITE;
/*!40000 ALTER TABLE `user` DISABLE KEYS */;
INSERT INTO `user` VALUES ('%','test_user','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','N','','','','',0,0,0,0,'mysql_native_password','*BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1','N','2023-04-24 02:42:01',NULL,'N','N','N',NULL,NULL,NULL,NULL);
/*!40000 ALTER TABLE `user` ENABLE KEYS */;
UNLOCK TABLES;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */
新实例
[root@master1 ~]# mysql -uroot -pxxxxxx mysql <user.sql
mysql: [Warning] Using a password on the command line interface can be insecure.
[root@master1 ~]# mysql -uroot -pxxxxxx mysql -e'select user,host from mysql.user where user="test_user"'
mysql: [Warning] Using a password on the command line interface can be insecure.
+-----------+------+
| user | host |
+-----------+------+
| test_user | % |
+-----------+------+
[root@master1 ~]# mysql -utest_user -pTest@123
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'test_user'@'localhost' (using password: YES)解决:
mysqldump导出的用户,是用insert 方式插入到mysql.user表,虽然能查询看到,但是内存权限表还是旧的,需要重新加载内存权限表。--flush privileges;
[root@master1 ~]# mysql -uroot -pxxxxxx mysql -e'flush privileges;'
mysql: [Warning] Using a password on the command line interface can be insecure.
[root@master1 ~]# mysql -utest_user -pTest@123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 31
Server version: 8.0.32 MySQL Community Server - GPL
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>二、不知道原密码情况下迁移用户登录失败
场景:
迁移数据库用户的时候,会根据authentication_string字段查到的加密信息创建用户,然后登录失败
原实例
mysql> select user,host,plugin,authentication_string from mysql.user where user='test_user';
+------------------+---------------+-----------------------+------------------------------------------------------------------------+
| user | host | plugin | authentication_string |
+------------------+---------------+-----------------------+------------------------------------------------------------------------+
| test_user | % | mysql_native_password | *BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1 |
+------------------+---------------+-----------------------+------------------------------------------------------------------------+
8 rows in set (0.00 sec)
新实例
mysql>create user test_user@'%' identified by '*BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1';
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
[root@master1 ~]# mysql -utest_user -pTest@123
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'test_user'@'localhost' (using password: YES)解决:
通过authentication_string查询到的加密串,需要用with plugin as 的方式创建用户,才会保持原密码不变
WITH mysql_native_password as
mysql> drop user test_user@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> create user test_user@'%' identified WITH mysql_native_password as '*BCF4F28E525ED7EE4664FFFF4DAE13EC14A6ABE1';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
[root@master1 ~]# mysql -utest_user -pTest@123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 8.0.32 MySQL Community Server - GPL
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>三、创建用户报错
场景:
通过authentication_string查询到的加密串,用as来创建用户,报错
mysql> create user test_user@'%' identified WITH mysql_native_password as '$A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED';
ERROR 1827 (HY000): The password hash doesn't have the expected format.解决:
通过authentication_string查询到的加密串来创建用户,需要注意plugin的不同,当plugin是mysql_native_password时authentication_string加密串长度是41,当plugin是caching_sha2_password的authentication_string加密串长度是70。--WITH caching_sha2_password as
mysql> select user,host,plugin,authentication_string,length(authentication_string) length from mysql.user;
+------------------+---------------+-----------------------+------------------------------------------------------------------------+--------+
| user | host | plugin | authentication_string | length |
+------------------+---------------+-----------------------+------------------------------------------------------------------------+--------+
| root | % | mysql_native_password | *098E13F0BBC737BD4608363FE8A0A13A348F3934 | 41 |
| donor_user | 192.168.137.% | mysql_native_password | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 | 41 |
| repl | 192.168.137.% | mysql_native_password | *A424E797037BF97C19A2E88CF7891C5C2038C039 | 41 |
| mysql.infoschema | localhost | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | 70 |
| mysql.session | localhost | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | 70 |
| mysql.sys | localhost | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | 70 |
| root | localhost | mysql_native_password | *613997A8B0E1757211BDC25E3E8D0F5A1C0428B2 | 41 |
+------------------+---------------+-----------------------+------------------------------------------------------------------------+--------+
mysql> create user test_user@'%' identified WITH caching_sha2_password as '$A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED';
Query OK, 0 rows affected, 1 warning (0.00 sec)
