Continuent Documentation

Manual Home
Tungsten Clustering (for MySQL) 7.0 Manual
Page in Other Manuals
Tungsten Replicator 7.0 Manual
Breadcrumbs
> Tungsten Clustering (for MySQL) 7.0 Manual

       > 7. Tungsten Connector
Chapters
Preface
1. Introduction
2. Deployment
3. Deployment: MySQL Topologies
4. Deployment: Advanced
5. Deployment: Security
6. Operations Guide
7. Tungsten Connector
8. Tungsten Manager
9. Command-line Tools
10. The tpm Deployment Command
11. Tungsten REST API (APIv2)
12. Replication Filters
13. Performance, Tuning and Testing
A. Release Notes
B. Prerequisites
C. Troubleshooting
D. Files, Directories, and Environment
E. Terminology Reference
F. Internals
G. Frequently Asked Questions (FAQ)
H. Ecosystem Support
I. Configuration Property Reference
Navigate Up
7. Tungsten Connector
Parent Sections
7.1. Connector/Application Basics
7.2. Basic Connector Configuration
7.3. Clients and Deployment
7.4. Routing Methods
7.5. Using Bridge Mode
7.6. User Authentication
7.7. Testing Connectivity Via the Connector
7.8. Connector Operational States
7.9. Connector/Manager Interface
7.10. Connector Command-Line Interface
7.11. Connector Inline Command Interface
7.12. Advanced Configuration
7.13. Connector General Limitations
7.6. User Authentication
Prev  ^UpChapter 7. Tungsten Connector Next

7.6. User Authentication

7.6.1. user.map File Format
7.6.2. user.map Direct Routing
7.6.3. user.map Host Options
7.6.4. user.map Updates
7.6.5. Generating user.map Entries from a Script
7.6.6. Encrypting user.map Data
7.6.7. Synchronizing user.map Data
7.6.8. user.map Limitations
7.6.9. Host-based Authentication

When configuring Tungsten Connector it is important to ensure that you have a user.map in place. The role of user.map is to define the usernames and passwords of users that will be connecting to the dataserver.

There is no authentication within the connector. Instead, the connector sends authentication information onto the dataserver. However, the MySQL network protocol exchanges a token between the client and the dataserver in order to authenticate the connection and is designed to prevent 'man in the middle' attacks.

Unfortunately, 'man in the middle' is exactly how Tungsten Connector operates, as the man in the middle to redirect queries to different dataservers as the list of active dataservers changes during the operation of a cluster. The authentication exchange cannot be reinitiated by the dataserver and client, so the Tungsten Connector performs this authentication exchange on behalf of the client using the user and password information from a special file called user.map.

Figure 7.8. Tungsten Connector Authentication

Tungsten Connector Authentication

To get round this limitation, the connector operates as follows:

  • Client opens a connection to the connector and authenticates.

  • Connector connects to the datasource using the username supplied by the client, and the corresponding password stored within user.map.

  • Database server returns the authentication token to the connector.

  • Connectors sends the same authentication token back to the client.

This process gives the client application the authentication token required to enable it to communicate with the dataserver and the same token to be used by the connector.

For this system to work, a file, user.map, must exist on every connector installation, and it must contain the information for all users that will connect to the datasources from each client. Without this information, connectors will be unable to login on behalf of the client applications.

Important

All the users that require access to your MySQL servers through the Tungsten Connector must have an entry in the user.map. Without this information, the Tungsten Connector has no way of providing an onward connection to a MySQL server.

The user.map file primary role is to operate as the source for authentication information within the connector. However, through the use of additional flags and keywords, the file can also define the routing methods used by different users when connecting to datasources, and different dataservices.

Prev Up Next
7.5. Using Bridge Mode  ^Level 7.6.1. user.map File Format
Copyright © 2016-2023 Continuent, Ltd.(800) 270-9035Terms of UsePrivacy & CookiesLegal NoticeExhibits