MySQL Lists: mysql: Re: User/Password for every host?

List:	General Discussion	« Previous Message Next Message »
From:	Michael Stassen	Date:	October 2 2005 5:24am
Subject:	Re: User/Password for every host?
View as plain text

Miguel Cardenas wrote:
> Hello list
> 
> I have a doubt... Do I need to set a password to a user for each host the user 
> has permission to connect from?

To mysql, a user is 'username@host'.  That is, joe@host1 and joe@host2 are 
two different users from mysql's point of view.  You may give them the same 
password and the same privileges, but they are still two different mysql users.

> Let's supose
> 
> // add user 'somebody'
> GRANT ALL PRIVILEGES ON *.* TO somebody@"192.168.0.%" IDENTIFIED BY 'onepass';
> 
> if I want 'somebody' to have access from "dsl-A.B.C.D-provider.com" with 
> dynamic address, maybe I should try something like
> 
> // add new host
> GRANT ALL PRIVILEGES ON *.* TO somebody@"dsl-%-provider.com" IDENTIFIED BY 
> 'onepass';

That should work.  See the manual for more 
<http://dev.mysql.com/doc/mysql/en/connection-access.html>.

>    or the right way should be
> GRANT ALL PRIVILEGES ON *.* TO somebody@"dsl-%-provider.com";

No.  This creates the user 'somebody@dsl-%-provider.com' with no password.

> When adding a new host, should I provide again the same 'onepass' or the 
> password may/must be different so it changes depending where the user 

Each user@host should have a password, but they need not be different.  If 
joe@host1 and joe@host2 are really the same person connecting from two 
different machines, you may certainly assign the same password and 
privileges to both.

> connects from? if I don't use 'IDENTIFIED BY...' what happens? does mysql 
 > accept the connection with no password

If the user is new, leaving out the IDENTIFIED BY clause creates a user with 
no password.  Not a good idea.  If the user already exists, leaving out the 
IDENTIFIED BY clause leaves the current password unaltered.

> (the user already exists on the system)?

In the situation you describe, the user does not already exist in mysql. 
New hostname means new user.

> I'm not sure, but I guess that in table mysql/user it is possible to have 
> different Host/User/Password entries with a same user and all valid.

Yes.

> Thanks for any comment

This is all explained in the manual 
<http://dev.mysql.com/doc/mysql/en/connection-access.html>.

Michael

Thread
• User/Password for every host?	Miguel Cardenas	2 Oct
• Re: User/Password for every host?	Michael Stassen	2 Oct