MySQL Enterprise Authentication

Only available in select Commercial Editions

MySQL Enterprise Edition provides ready to use external authentication modules to easily integrate existing security infrastructures, including Linux Pluggable Authentication Modules (PAM) and Windows Active Directory. By authenticating MySQL users from centralized directories, organizations can implement Single Sign On. The same user names, passwords and permissions can be used. This makes MySQL DBAs more productive by eliminating the need to manage credentials in individual systems. It also makes IT infrastructures more secure by leveraging existing security rules and processes (e.g. identifying weak passwords and managing password expiration).

MySQL provides numerous authentication options:

  • New! MySQL OpenID Connect Authentication – Enables MySQL to authenticate over the OpenID Connect (OIDC) protocol . OpenID Connect is an interoperable authentication protocol based on the OAuth 2.0 framework. MySQL OpenID Connect Authentication improves security by removing the responsibility of setting, storing, and managing passwords which can result in credential-based data breaches.
  • MySQL External Authentication for LDAP - Enables you to configure MySQL to authenticate users via LDAP (Lightweight Directory Access Protocol) servers. Users or groups of users can be specified in detail via LDAP specifications. Username/Password, SASL, GSSAPI/Kerberos authentication are supported.
  • MySQL External Authentication for Windows - Enables you to configure MySQL to use native Windows services to authenticate client connections. Users who have logged in to Windows can connect from MySQL client programs to the server based on the token information in their environment without specifying an additional password.
  • MySQL Native Kerberos Authentication - Enables customers to leverage existing Kerberos authentication infrastructure such as single sign on. MySQL Enterprise both MIT (GSSAPI) and Microsoft (SSPI) Kerberos implementations.
  • MySQL External Authentication for PAM - Enables you to configure MySQL to use Linux PAMs (Pluggable Authentication Modules) to authenticate users via PAMs for various authentication methods, such as Linux passwords or an LDAP directory.
  • MySQL WebAuthn Authentication - Enables authentication to MySQL Server using FIDO2 Web Authentication (WebAuthn) standard for devices such as smart cards, security keys, and biometric readers.
  • MySQL Multifactor Authentication - Enables you to require a user to provide two or more verification factors to access the MySQL Database. Username and passwords are vulnerable to various attacks. By requiring multiple factors adds additional security hardening to keep your organization safer from cybercrime. MySQL MFA allows you to combine up to 3 authentication methods.

MySQL External Authentication for Windows

Additional Resources