Wednesday, June 11, 2014

Percona PAM authentication in JDBC

Percona's MySQL distribution supports PAM based authentication.  Unfortunately this currently confuses the heck out of the latest MySQL JDBC driver.  First of all, the percona server asks the client to use the "dialog" authentication plugin.  Unless percona binaries are installed on the machine, this plugin is not available.  One can substitute the clear text password plugin, but it depends on SSL being present.

What can you do if your Percona server is configured to use pam authentication and does not support secure connections?  Write your own MySQL connector authentication plugin.  Assuming the connector jar distribution is on your classpath, simply compile the below:

public class DialogPasswordPlugin extends MysqlClearPasswordPlugin {
    @Override
    public String getProtocolPluginName() {
        return "dialog";
    }

    @Override
    public boolean requiresConfidentiality() {
        return false;
    }
}
put the compiled class on your classpath and add "authenticationPlugins=com.rubiconproject.mysql.percona.DialogPasswordPlugin" to your JDBC URL.
You should now be able to authenticate with the Percona server.