MySQL Blog Archive
For the latest blogs go to blogs.oracle.com/mysql
New client option --no-login-paths: Turn off login path file processing

Background

Most MySQL programs can read startup options from option files (sometimes called configuration files). Option files provide a convenient way to specify commonly used options so that they need not be entered on the command line each time we run a program. One of the option files (clients only) is login path file.

Login path file is an obfuscated file named .mylogin.cnf created using the mysql_config_editor utility which enables us to store authentication credentials in a safe and secure way. The unobfuscated format of the .mylogin.cnf file consists of option groups, similar to other option files. Each option group in .mylogin.cnf is called a login path, which is a group that permits only certain options: host, user, password, port and socket. Think of a login path as a set of options that specify which MySQL server to connect to and which account to authenticate as.

Here is an unobfuscated example:

[client]
user = mydefaultname
password = mydefaultpass
host = 127.0.0.1
port = 30000
[mypath]
user = myothername
password = myotherpass
host = localhost
socket = my.sock

What prompted this inclusion?

When we invoke a client program to connect to the server, it looks for option files and reads any that exist including the login path file. For information about the order in which option files are used, see Using Option Files. The default login paths in the login path file is read every time regardless of whether --no-defaults option is specified or not. For example, mysql client reads the [client] and [mysql] login paths by default. Since the precedence of login path file is higher than other option files, the client program ignores the credentials stored in other option files and uses the ones stored in the defaults login paths.

Consider if we have our credentials stored in an option file my.cnf and we want to use it for connecting to the server as:

mysql --defaults-file=<path/to/my.cnf/file>

The only way to ensure that this works correctly is to erase the default login paths from the login path file before connecting. And this becomes extremely inconvenient.

To provide a method to overcome this issue a new client option, --no-login-paths has been introduced in MySQL 8.2.0.

How to get started?

The new client option, --no-login-paths can be specified on the command line without any argument. This will direct the command line tool to not read the login path file at all.

Now, consider the previous usecase where we wanted to use credentials from the my.cnf file keeping the default login paths in the login path file as it is. We can use the --no-login-paths option:

mysql --no-login-paths --defaults-file=<path/to/my.cnf/file>

This will make mysql use the credentials stored in the file my.cnf by ignoring the ones stored in default login paths.

Additional details

  • Because this option affect option-file handling, it must be specified on the command line and not in an option file.
  • Like other command-line options that affect option-file handling, this option must be given before other client options.
  • It does not make sense to use --no-login-paths with --login-path option. Hence, if specified, an error is raised and login fails.

As always, thank you for using MySQL.

References