MySQL Enterprise Edition provides plugins that implement security features using external services:
MySQL Enterprise Edition includes an authentication plugin that enables MySQL Server to use LDAP (Lightweight Directory Access Protocol) to authenticate MySQL users. LDAP Authentications supports user name and password, SASL, and GSSAPI/Kerberos authentication methods to LDAP services. For more information, see *note ldap-pluggable-authentication::.
MySQL Enterprise Edition includes an authentication plugin that enables MySQL Server to use Native Kerberos to authenticate MySQL users using there Kerberos Principals. For more information, see Kerberos Pluggable Authentication (https://dev.mysql.com/doc/refman/8.0/en/kerberos-pluggable-authentication.html).
MySQL Enterprise Edition includes an authentication plugin that enables MySQL Server to use PAM (Pluggable Authentication Modules) to authenticate MySQL users. PAM enables a system to use a standard interface to access various kinds of authentication methods, such as Unix passwords or an LDAP directory. For more information, see *note pam-pluggable-authentication::.
MySQL Enterprise Edition includes an authentication plugin that performs external authentication on Windows, enabling MySQL Server to use native Windows services to authenticate client connections. Users who have logged in to Windows can connect from MySQL client programs to the server based on the information in their environment without specifying an additional password. For more information, see *note windows-pluggable-authentication::.
MySQL Enterprise Edition includes a suite of masking and de-identification functions that perform subsetting, random generation, and dictionary replacement to de-identify strings, numerics, phone numbers, emails and more. These functions enable masking existing data using several methods such as obfuscation (removing identifying characteristics), generation of formatted random data, and data replacement or substitution. For more information, see *note data-masking::.
MySQL Enterprise Edition includes a set of encryption functions based on the OpenSSL library that expose OpenSSL capabilities at the SQL level. For more information, see *note mysql-enterprise-encryption::.
MySQL Enterprise Edition 5.7 and higher includes a keyring plugin that uses Oracle Key Vault as a backend for keyring storage. For more information, see *note keyring::.
MySQL Transparent Data Encryption (TDE) provides at-rest encryption for MySQL Server for all files that might contain sensitive data. For more information, see note innodb-data-encryption::, Encrypting Binary Log Files and Relay Log Files (https://dev.mysql.com/doc/refman/8.0/en/replication-binlog-encryption.html), and note audit-log-file-encryption::.
For other related Enterprise security features, see *note mysql-enterprise-encryption::.
File: manual.info.tmp, Node: mysql-enterprise-encryption, Next: mysql-enterprise-audit, Prev: mysql-enterprise-security, Up: mysql-enterprise