Layer7 API Gateway using Secure password in MySQL replacing my.cnf user
search cancel

Layer7 API Gateway using Secure password in MySQL replacing my.cnf user

book

Article ID: 387332

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

The Layer7 Debian appliance works with the mysql-config-editor, which allows you to store the MySQL user authentication credentials in a obfuscated  format in a file named .mylogin.cnf


For more information: https://dev.mysql.com/doc/refman/8.0/en/mysql-config-editor.html.

Resolution

To create an encrypted user login file:

1) Log in to the ssgconfig menu and chose option 3 to get to the privileged shell.

2) Make sure you have already updated to the desired value the mysql root user password:

Example in Privileged shell,

# mysql

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '<new_password>'; 
mysql> FLUSH PRIVILEGES;

3) You can then run the below commands to create a ~/.mylogin.cnf file (when this file is present, any user credential stored in /etc/my.cnf or ~/.my.cnf will be ignored)

4) "mysql_config_editor set --user=mysqluser --password"

Following the console prompt to type in the mysqluser credential in an interactive mode.

The ~/.mylogin.cnf file will be generated with 600 permission as the output of the utility. 

5) Remove any existing credentials saved in /root/.my.cnf, or /etc/my.cnf files

Note: The most secured way is to have the client program prompt for user credential when accessing the local MySQL server. To achieve this, you could simply remove the /root/.my.cnf file.