[MDEV-21970] Extend socket auth for configurable user name
Created: 2020-03-18  Updated: 2020-03-18

Status: Open
Project: MariaDB Server
Component/s: Authentication and Privilege System
Fix Version/s: None

Type: Task
Priority: Trivial
Reporter: Luca Lindhorst
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: auth_plugin, authentication, unix_socket


Description

Hello,

(I actually wanted to create a feature proposal/request; however, JIRA did not offer me the option to select those.)

I had several occasions where I wanted to use socket auth for different usernames:

Using authentication_string in the user table to specify the allowed system user name which may authenticate as the corresponding mysql user over socket.

I already created a patch for this in my own build, which I could contribute if the described feature is wanted. Currently my authentication does the following:

sysuser = get user from socket
mysqluser = username sent by client
if(authentication_string_len == 0){
    return sysuser == mysqluser;
}else{
    if(authentication_string starts with '@'){
        groups = get groups of system user
        for(gr of groups){
            if('@'+gr == authentication_string)
                return true;
        }
        return false;
    }else{
        return sysuser == authentication_string
    }
}

Another feature idea is to allow a comma-separated list of different groups/users...

Btw, I just noticed that MySQL supports specifying an alternative user name for the socket_auth plugin; however, they accept both:

if (!strcmp(pwd->pw_name, info->user_name) ||
      !strcmp(pwd->pw_name, info->auth_string))
    return CR_OK;
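
The two matching rules described in this issue, side by side, as an added example (not the reporter's patch and not MariaDB or MySQL source). The function names, the SAMPLE_GROUPS data and the fail-closed handling of a bare "@" are assumptions; the caller is assumed to have already resolved the peer's OS user and group names from the socket.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: group names of a hypothetical OS user "alice". */
static const char *const SAMPLE_GROUPS[] = { "backup", "dba" };

/* Proposed rule: an empty authentication_string keeps the current behaviour
 * (OS user must equal the account name); "@group" requires membership in
 * that group; any other value must equal the OS user name exactly. */
bool socket_auth_proposed(const char *sysuser, const char *const *groups,
                          size_t ngroups, const char *mysqluser,
                          const char *auth_string)
{
    if (auth_string == NULL || auth_string[0] == '\0')
        return strcmp(sysuser, mysqluser) == 0;
    if (auth_string[0] == '@') {
        const char *wanted = auth_string + 1;
        if (wanted[0] == '\0')
            return false;            /* bare "@" names no group: deny */
        for (size_t i = 0; i < ngroups; i++)
            if (strcmp(groups[i], wanted) == 0)
                return true;
        return false;
    }
    return strcmp(sysuser, auth_string) == 0;
}

/* "Accept both" rule, as in the MySQL check quoted above: the OS user may
 * match either the account name or the authentication string.
 * The NULL guard is added here and is not in the quoted snippet. */
bool socket_auth_accept_both(const char *sysuser, const char *mysqluser,
                             const char *auth_string)
{
    return strcmp(sysuser, mysqluser) == 0 ||
           (auth_string != NULL && strcmp(sysuser, auth_string) == 0);
}

int main(void)
{
    /* Account "app" with authentication_string "alice"; OS user "app" connects. */
    printf("proposed:    %d\n",
           socket_auth_proposed("app", SAMPLE_GROUPS, 2, "app", "alice"));
    printf("accept both: %d\n", socket_auth_accept_both("app", "app", "alice"));
    return 0;
}
```

The case printed by main is where the rules differ: once an authentication string is set, the proposed rule no longer admits an OS user that merely shares the account's name, while the accept-both rule still does.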

