[CentOS] Connect to MySQL monitor on another host in the LAN ?

[Keith Keller]

On Tue, Mar 23, 2010 at 04:56:43PM +0100, Niki Kovacs wrote:
> 
> Now what would be an orthodox (and somewhat secure) configuration to be 
> able to connect to this MySQL server on 'raymonde' from another machine 
> in the LAN ? Do I have to (re)create a root at raymonde MySQL account and 
> eventually give it the same password than root at localhost ?

As Les mentioned, user at host == user on the client host, not user on the
server host.  That's a generic user, not necessarily tied to the
currently logged-in username.  So on raymonde you'd do

grant xxx on db.blah to user at clientHost identified by 'pass';

and someone on clientHost could do

mysql -uuser -ppass -h raymonde db

to connect.

One important distinction that MySQL makes (and some other dbms, like
PostgreSQL, do not necessarily do) is that each ''user'' is a
user-clienthost combination.  So

grant xxx on db.blah to user at clientHost1 identified by 'pass';
grant yyy on db.blah to user at clientHost2 identified by 'pass';
grant zzz on db.blah to user@% identified by 'pass';

creates *three* distinct users.  This can get very confusing if xxx,
yyy, and zzz are all different grants, or if you add grants later to
user at clientHost1 but not clientHost2, or if the passwords are different
(or if the user changes one of them).  So you should try to keep your
MySQL user database simple, to try to avoid this confusion.

Finally, if you want your passwords encrypted you can use --ssl, but
both the client and server need to support SSL.  I haven't used this
much, so you should check out the docs at dev.mysql.com first.

--keith

-- 
kkeller at speakeasy.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20100323/e0b5ec46/attachment.sig>