今天OJ數據庫服務器掛了,我這邊很奇怪的ssh連不上,后來連上了但是很卡,看了下mysql/error.log沒看出來什么原因。學長那邊進去mysql用了下showprocesslist發現大量的unauthenticated user Connect的信息。於是查了一下原因。
手冊中的解釋是:unauthenticated user refers to a thread that has become associated with a client connection but for which authentication of the client user has not yet been done。意即:有一個線程在處理客戶端的連接,但是該客戶端還沒通過用戶驗證
MySQL處理用戶連接時進行如下過程來驗證用戶的合法性:
When a new client connects to mysqld, mysqld spawns a new thread to handle the request. This thread first checks whether the host name is in the host name cache. If not, the thread attempts to resolve the host name: The thread takes the IP address and resolves it to a host name (using gethostbyaddr()). It then takes that host name and resolves it back to the IP address (using gethostbyname()) and compares to ensure it is the original IP address.
即:先作反向解析IP>Hostname,然后作Hostname>IP的正向解析。如果結果符合,則驗證為合法用戶允許登錄,如果不符合則定義為“unauthenticated user”。
原因可能有:
1、服務器在做DNS反響解析,解決辦法有兩個:
1-)在 hosts 中添加客戶端ip,如
192.168.0.1 yejr
2-) MySQL啟動參數增加一個skip-name-resolve,即不啟用DNS反響解析。即修改mysql配置文件/etc/mysql/my.cnf,在 [mysqld] 行下添加 –skip-name-resolve ,重新啟動mysql服務
2、服務器的線程還處於排隊狀態,因此可以加大 back_log
采用第二個方法成功了。
建議創建用戶權限的時候,不要使用hostname作為限制而是直接用IP;更干脆的話就主機不配置DNS Server